3️⃣Step 3 - Integrating Eartho into your server

1. Before we start, you need to import Eartho into your app.

2. Integrating Eartho into your backend environment with code

If you use Eartho One with an app or site that communicates with a backend server, you can protect your routes easily with our SDK as well. After your users finish logging in with Eartho, they'll be returned to your application at the callback route.

On the client side

Every request that your client makes to your server, send with the ID token on the client side

const idToken = await earthoOne.getIdToken();
const response = await fetch('https://api.example.com/products', {
headers: {
      Authorization: `Bearer ${idToken}`
    }
  });

On the backend side

Check and verify the integrity of the ID token and use it to protect the API routes that you want to protect.

Step 1: Installing Required Packages

npm install @eartho/one-server-node

Step 2: Protecting Your Routes

Use the Eartho SDK to protect routes that require user authentication. For example, to protect a route that fetches user data, you would verify the user's ID token sent with the request.

const {EarthoOne} = require('@eartho/one-server-node');

const serverEarthoOneOptions = {
  clientId: "client id",
  clientSecret: "secret key"
}
const serverEarthoOne = new EarthoOne(serverEarthoOneOptions);

//Or check by yourself
getEarthoOne()
  .getVerifiedUser(idToken)
  .then((decodedToken) => {
    const uid = decodedToken.uid;
    const displayName = decodedToken.displayName;
    const email = decodedToken.email;
    const photoURL = decodedToken.photoURL;
// ...
  })
  .catch((error) => {
    // Handle error
  });

This guide assumes you have a basic understanding of Go and its package management system. Below is a step-by-step guide to help you set up Eartho in a Go server application for authenticating users and securing your API routes.

Step 1: Setting Up Your Go Environment

Before integrating Eartho into your Go server, ensure your Go environment is correctly set up. You should have Go installed on your system (visit the official Go website for instructions if you haven't).

Step 2: Install Eartho Go SDK

bashCopy codego get github.com/dgrijalva/jwt-go

Step 3: Setting Up Eartho Authentication in Your Go Server

Create a new Go file for your server, for example, main.go. Import the necessary packages:

goCopy codepackage main

import (
    "fmt"
    "net/http"
    // Import the JWT package or Eartho SDK package here
    "github.com/dgrijalva/jwt-go"
    // Assuming `github.com/dgrijalva/jwt-go` is the JWT handler
)

Step 4: Verifying the ID Token

Assuming your front end sends the ID token to your Go server in the Authorization header, you'll want to extract and verify this token in your server routes:

goCopy codefunc verifyToken(w http.ResponseWriter, r *http.Request) {
    // Extract the token from the Authorization header
    authHeader := r.Header.Get("Authorization")
    tokenString := // Extract the token from authHeader

    // Verify the token
    token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
        // Validate the alg is what you expect:
        if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
            return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
        }

        // Return the secret key or public key against which to verify the token
        // For example, return []byte("your-verification-key"), nil
    })

    if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
        // Token is valid, and you can extract claims
        // For example, userID := claims["uid"].(string)
    } else {
        // Handle invalid token
    }
}

Step 5: Protect Your Routes

Use the verifyToken function as middleware or within specific routes to protect them. Ensure you're checking the token before allowing access to any sensitive information.

goCopy codehttp.HandleFunc("/protected", verifyToken)

Step 1: Install PyJWT

First, install PyJWT and a HTTP library like requests, if you don't already have it. These libraries are necessary for verifying JWTs and optionally fetching public keys from Eartho's servers for signature verification.

pip install PyJWT requests cryptography

Step 2: Configure Your Web Server

Assuming you're using Flask, set up a basic server. If you're using another framework, the setup will be similar but may require different syntax.

from flask import Flask, request, jsonify
app = Flask(__name__)

Step 3: Define a Route to Verify Eartho Tokens

Create a protected route that requires a valid JWT for access. You'll extract the JWT from the Authorization header, verify it, and then proceed based on the verification result.

import jwt
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
import requests
from flask import Flask, jsonify

# Your Eartho project's JWT configuration
EARTHO_ISSUER = 'https://one.eartho.world/'
EARTHO_AUDIENCE = '<EARTHO_CLIENT_ID>' # Take it from the security tab in creator.eartho.io
EARTHO_PUBLIC_KEY = '<EARTHO_SECREY_KEY>' # Take it from the security tab in creator.eartho.io

app = Flask(__name__)

def load_public_key():
    """Load Eartho public key"""
    return serialization.load_pem_public_key(EARTHO_PUBLIC_KEY.encode(), backend=default_backend())

def token_required(token):
    """Decorator for protected routes"""
    public_key = load_public_key()

    try:
        decoded = jwt.decode(token, public_key, algorithms=["RS256"], audience=EARTHO_AUDIENCE, issuer=EARTHO_ISSUER)
        return decoded
    except jwt.ExpiredSignatureError:
        return {'message': 'Token expired!'}
    except jwt.InvalidTokenError as e:
        return {'message': 'Invalid token!', 'error': str(e)}

    return {'message': 'Invalid token!', 'error': str('')}

@app.route('/protected', methods=['GET'])
def protected():
    token = request.headers.get('Authorization')
    if not token:
        return jsonify({'message': 'Token is missing!'}), 401

    token = token.split(" ")[1]  # Removing 'Bearer' from token string
    decoded_token = token_required(token)

    if 'message' in decoded_token:
        return jsonify(decoded_token), 401

    return jsonify({'message': 'This is a protected route.', 'user': decoded_token})

def main():
    # Simulating request to the protected route
    valid_token = "YOUR_VALID_TOKEN"
    headers = {'Authorization': f'Bearer {valid_token}'}
    response = requests.get('http://127.0.0.1:5000/protected', headers=headers)
    print(response.json())

if __name__ == "__main__":
    main()

This plugin adds support for using JWT in Elysia handler

Install with:

bash

bun add @elysiajs/jwt

Then use it:

typescript

import { Elysia } from 'elysia'
import { jwt } from '@elysiajs/jwt'

const app = new Elysia()
    .use(
        jwt({
            name: 'jwt',
            secret: 'Fischl von Luftschloss Narfidort'
        })
    )
    .get('/sign/:name', async ({ jwt, cookie: { auth }, params }) => {
        auth.set({
            value: await jwt.sign(params),
            httpOnly: true,
            maxAge: 7 * 86400,
            path: '/profile',
        })

        return `Sign in as ${auth.value}`
    })
    .get('/profile', async ({ jwt, set, cookie: { auth } }) => {
        const profile = await jwt.verify(auth.value)

        if (!profile) {
            set.status = 401
            return 'Unauthorized'
        }

        return `Hello ${profile.name}`
    })
    .listen(3000)

Below is a guide for setting up user authentication in a Rust server application using JWTs with the jsonwebtoken crate. This will help you secure API routes.

Step 1: Set Up Your Rust Environment Make sure that your Rust environment is correctly set up, including Cargo, Rust’s package manager and build system. If Rust is not installed, visit the official Rust website for installation instructions.

Step 2: Add Dependencies Add the jsonwebtoken crate along with serde and warp to handle the web server functionality and JWT parsing. Update your Cargo.toml as follows:

[dependencies]
jsonwebtoken = "7"
serde = { version = "1.0", features = ["derive"] }
warp = "0.3"
tokio = { version = "1", features = ["full"] }

Step 3: Define JWT Secret and Claims Struct In your main Rust file (main.rs), define a secret key for JWT signing and a struct to represent the claims:

use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
use serde::{Deserialize, Serialize};

#[derive(Debug, Serialize, Deserialize)]
struct Claims {
    sub: String,  // Subject (who this token is about)
    company: String,
    exp: usize,  // Expiration time (as seconds since the Unix epoch)
}

const SECRET_KEY: &str = "your_secret_key_here";

Step 4: Token Verification Function Implement a function to verify the JWT token from the Authorization header:

fn verify_token(token: &str) -> Result

Step 1: Install the jwt gem First, install the jwt gem using RubyGems. If you haven't already installed RubyGems, you can install it from https://rubygems.org/pages/download.

gem install jwt

This command will install the jwt gem, which provides functionality for encoding and decoding JSON Web Tokens (JWTs) in Ruby applications.

Step 2: Configure Your Web Server Assuming you're using a Ruby web framework like Sinatra or Ruby on Rails, set up a basic server. If you're using another framework, the setup will be similar but may require different syntax.

require 'sinatra'

# Assuming you're using Sinatra
get '/' do
  'Hello, world!'
end

Step 3: Define a Route to Verify Eartho Tokens Create a protected route that requires a valid JWT for access. You'll extract the JWT from the Authorization header, verify it, and then proceed based on the verification result.

require 'sinatra'
require 'jwt'

# Your Eartho project's JWT configuration
EARTHO_ISSUER = 'https://one.eartho.world/'
EARTHO_AUDIENCE = ''
EARTHO_PUBLIC_KEY = ""

def load_public_key
  # Load Eartho public key
  OpenSSL::PKey.read(EARTHO_PUBLIC_KEY)
end

def token_required(token)
  public_key = load_public_key

  begin
    decoded = JWT.decode(token, public_key, true, { algorithm: 'RS256', audience: EARTHO_AUDIENCE, iss: EARTHO_ISSUER })
    decoded.first
  rescue JWT::ExpiredSignature
    { 'message' => 'Token expired!' }
  rescue JWT::DecodeError
    { 'message' => 'Invalid token!' }
  end
end

get '/protected' do
  token = request.env['HTTP_AUTHORIZATION']
  return { 'message' => 'Token is missing!' }.to_json if token.nil?

  token = token.split(' ').last  # Removing 'Bearer' from token string
  decoded_token = token_required(token)

  return decoded_token.to_json if decoded_token.is_a? Hash

  { 'message' => 'This is a protected route.', 'user' => decoded_token }.to_json
end

This code defines a route '/protected' that expects a JWT token in the Authorization header. It verifies the token using the provided Eartho public key and returns the decoded token if valid.

This is a basic setup for verifying JWT tokens in a Ruby web application. Depending on your specific requirements and framework, you may need to adjust the implementation accordingly.

Step 1: Install Packages First, install the necessary NuGet packages for JWT token handling. You'll need the System.IdentityModel.Tokens.Jwt package for JWT functionality and Microsoft.AspNetCore.Authentication.JwtBearer for handling JWT-based authentication in ASP.NET Core applications.

dotnet add package System.IdentityModel.Tokens.Jwt
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer

Step 2: Configure Your ASP.NET Core Application In your ASP.NET Core application, configure JWT authentication in the Startup.cs file. Add the necessary services and middleware to enable JWT-based authentication.

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
using System.Text;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Add JWT authentication
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = "JwtBearer";
            options.DefaultChallengeScheme = "JwtBearer";
        }).AddJwtBearer("JwtBearer", jwtBearerOptions =>
        {
            jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your_secret_key_here")),
                ValidateIssuer = true,
                ValidIssuer = "https://one.eartho.world/",
                ValidateAudience = false, // Change to true if you want to validate the audience
                //ValidAudience = "", // Set your audience here if you want to validate it
                ValidateLifetime = true // Change to false if you don't want to validate the token's lifetime
            };
        });

        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseRouting();

        // Enable authentication
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }
}

Step 3: Define a Controller to Verify Eartho Tokens Create a controller with a protected route that requires a valid JWT for access. Extract the JWT from the Authorization header, verify it, and then proceed based on the verification result.

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;

[Route("[controller]")]
[ApiController]
public class ProtectedController : ControllerBase
{
    private readonly string _issuer = "https://one.eartho.world/";

    [HttpGet]
    [Authorize]
    public IActionResult Get()
    {
        var token = HttpContext.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
        var tokenHandler = new JwtSecurityTokenHandler();

        try
        {
            var key = Encoding.ASCII.GetBytes("your_secret_key_here");
            tokenHandler.ValidateToken(token, new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(key),
                ValidateIssuer = true,
                ValidIssuer = _issuer,
                ValidateAudience = false, // Change to true if you want to validate the audience
                //ValidAudience = "", // Set your audience here if you want to validate it
                ValidateLifetime = true // Change to false if you don't want to validate the token's lifetime
            }, out var validatedToken);

            var jwtToken = (JwtSecurityToken)validatedToken;
            var user = new
            {
                Name = jwtToken.Subject
            };

            return Ok(new { Message = "This is a protected route.", User = user });
        }
        catch (Exception ex)
        {
            return Unauthorized(new { Message = "Invalid token!", Error = ex.Message });
        }
    }
}

This code defines a controller with a route '/protected' that expects a JWT token in the Authorization header. It verifies the token using the provided secret key and returns the decoded token if valid.

These are the basic steps to set up JWT token verification in a C# ASP.NET Core application. You may need to adjust the implementation according to your specific requirements and architecture.

Step 1: Install JWT Library

First, install the JWT library using Composer. If you don't already have Composer, you can install it from https://getcomposer.org. Run the following command to install the required libraries:

bashCopy codecomposer require lcobucci/jwt guzzlehttp/guzzle

Step 2: Configure Your Web Server

Assuming you're using a basic PHP setup with Apache or Nginx, create a basic PHP script for your server.

Step 3: Define a Function to Verify Eartho Tokens

Create a script to handle JWT verification. Here's an example script:

phpCopy code<?php

require 'vendor/autoload.php'; // Load Composer's autoloader

use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Validation\Constraint\IssuedBy;
use Lcobucci\JWT\Validation\Constraint\PermittedFor;
use Lcobucci\JWT\Validation\Constraint\SignedWith;

define('EARTHO_ISSUER', 'https://one.eartho.world/');
define('EARTHO_AUDIENCE', '<EARTHO_CLIENT_ID>'); // Take it from the security tab in creator.eartho.io
define('EARTHO_PUBLIC_KEY', '<EARTHO_PUBLIC_KEY>'); // Take it from the security tab in creator.eartho.io

function load_public_key() {
    // Load Eartho public key
    return file_get_contents(EARTHO_PUBLIC_KEY);
}

function token_required($token) {
    // Function to verify JWT
    $public_key = load_public_key();

    $config = Configuration::forAsymmetricSigner(
        new Sha256(),
        InMemory::plainText(''), // Empty private key as we are not signing
        InMemory::plainText($public_key)
    );

    $token = $config->parser()->parse($token);

    $constraints = [
        new IssuedBy(EARTHO_ISSUER),
        new PermittedFor(EARTHO_AUDIENCE),
        new SignedWith($config->signer(), InMemory::plainText($public_key))
    ];

    if (!$config->validator()->validate($token, ...$constraints)) {
        return ['message' => 'Invalid token!'];
    }

    return $token->claims()->all();
}

// Step 4: Create a Protected Route
if ($_SERVER['REQUEST_METHOD'] === 'GET' && $_SERVER['REQUEST_URI'] === '/protected') {
    $headers = apache_request_headers();
    if (!isset($headers['Authorization'])) {
        header('Content-Type: application/json');
        http_response_code(401);
        echo json_encode(['message' => 'Token is missing!']);
        exit;
    }

    $token = str_replace('Bearer ', '', $headers['Authorization']);
    $decoded_token = token_required($token);

    if (isset($decoded_token['message'])) {
        header('Content-Type: application/json');
        http_response_code(401);
        echo json_encode($decoded_token);
        exit;
    }

    header('Content-Type: application/json');
    echo json_encode(['message' => 'This is a protected route.', 'user' => $decoded_token]);
    exit;
}

?>

PreviousChrome Extensions NextExamples

Last updated 5 months ago

const {EarthoOne} = require('@eartho/one-server-node'); const serverEarthoOneOptions = { clientId: "client id", clientSecret: "secret key" } const serverEarthoOne = new EarthoOne(serverEarthoOneOptions); //Or check by yourself getEarthoOne() .getVerifiedUser(idToken) .then((decodedToken) => { const uid = decodedToken.uid; const displayName = decodedToken.displayName; const email = decodedToken.email; const photoURL = decodedToken.photoURL; // ... }) .catch((error) => { // Handle error });

goCopy codepackage main import ( "fmt" "net/http" // Import the JWT package or Eartho SDK package here "github.com/dgrijalva/jwt-go" // Assuming `github.com/dgrijalva/jwt-go` is the JWT handler )

goCopy codefunc verifyToken(w http.ResponseWriter, r *http.Request) { // Extract the token from the Authorization header authHeader := r.Header.Get("Authorization") tokenString := // Extract the token from authHeader // Verify the token token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { // Validate the alg is what you expect: if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"]) } // Return the secret key or public key against which to verify the token // For example, return []byte("your-verification-key"), nil }) if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid { // Token is valid, and you can extract claims // For example, userID := claims["uid"].(string) } else { // Handle invalid token } }

import jwt from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization import requests from flask import Flask, jsonify # Your Eartho project's JWT configuration EARTHO_ISSUER = 'https://one.eartho.world/' EARTHO_AUDIENCE = '<EARTHO_CLIENT_ID>' # Take it from the security tab in creator.eartho.io EARTHO_PUBLIC_KEY = '<EARTHO_SECREY_KEY>' # Take it from the security tab in creator.eartho.io app = Flask(__name__) def load_public_key(): """Load Eartho public key""" return serialization.load_pem_public_key(EARTHO_PUBLIC_KEY.encode(), backend=default_backend()) def token_required(token): """Decorator for protected routes""" public_key = load_public_key() try: decoded = jwt.decode(token, public_key, algorithms=["RS256"], audience=EARTHO_AUDIENCE, issuer=EARTHO_ISSUER) return decoded except jwt.ExpiredSignatureError: return {'message': 'Token expired!'} except jwt.InvalidTokenError as e: return {'message': 'Invalid token!', 'error': str(e)} return {'message': 'Invalid token!', 'error': str('')} @app.route('/protected', methods=['GET']) def protected(): token = request.headers.get('Authorization') if not token: return jsonify({'message': 'Token is missing!'}), 401 token = token.split(" ")[1] # Removing 'Bearer' from token string decoded_token = token_required(token) if 'message' in decoded_token: return jsonify(decoded_token), 401 return jsonify({'message': 'This is a protected route.', 'user': decoded_token}) def main(): # Simulating request to the protected route valid_token = "YOUR_VALID_TOKEN" headers = {'Authorization': f'Bearer {valid_token}'} response = requests.get('http://127.0.0.1:5000/protected', headers=headers) print(response.json()) if __name__ == "__main__": main()

import { Elysia } from 'elysia' import { jwt } from '@elysiajs/jwt' const app = new Elysia() .use( jwt({ name: 'jwt', secret: 'Fischl von Luftschloss Narfidort' }) ) .get('/sign/:name', async ({ jwt, cookie: { auth }, params }) => { auth.set({ value: await jwt.sign(params), httpOnly: true, maxAge: 7 * 86400, path: '/profile', }) return `Sign in as ${auth.value}` }) .get('/profile', async ({ jwt, set, cookie: { auth } }) => { const profile = await jwt.verify(auth.value) if (!profile) { set.status = 401 return 'Unauthorized' } return `Hello ${profile.name}` }) .listen(3000)

use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation}; use serde::{Deserialize, Serialize}; #[derive(Debug, Serialize, Deserialize)] struct Claims { sub: String, // Subject (who this token is about) company: String, exp: usize, // Expiration time (as seconds since the Unix epoch) } const SECRET_KEY: &str = "your_secret_key_here";

require 'sinatra' require 'jwt' # Your Eartho project's JWT configuration EARTHO_ISSUER = 'https://one.eartho.world/' EARTHO_AUDIENCE = '' EARTHO_PUBLIC_KEY = "" def load_public_key # Load Eartho public key OpenSSL::PKey.read(EARTHO_PUBLIC_KEY) end def token_required(token) public_key = load_public_key begin decoded = JWT.decode(token, public_key, true, { algorithm: 'RS256', audience: EARTHO_AUDIENCE, iss: EARTHO_ISSUER }) decoded.first rescue JWT::ExpiredSignature { 'message' => 'Token expired!' } rescue JWT::DecodeError { 'message' => 'Invalid token!' } end end get '/protected' do token = request.env['HTTP_AUTHORIZATION'] return { 'message' => 'Token is missing!' }.to_json if token.nil? token = token.split(' ').last # Removing 'Bearer' from token string decoded_token = token_required(token) return decoded_token.to_json if decoded_token.is_a? Hash { 'message' => 'This is a protected route.', 'user' => decoded_token }.to_json end

using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Microsoft.IdentityModel.Tokens; using System.Text; public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } public void ConfigureServices(IServiceCollection services) { // Add JWT authentication services.AddAuthentication(options => { options.DefaultAuthenticateScheme = "JwtBearer"; options.DefaultChallengeScheme = "JwtBearer"; }).AddJwtBearer("JwtBearer", jwtBearerOptions => { jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your_secret_key_here")), ValidateIssuer = true, ValidIssuer = "https://one.eartho.world/", ValidateAudience = false, // Change to true if you want to validate the audience //ValidAudience = "", // Set your audience here if you want to validate it ValidateLifetime = true // Change to false if you don't want to validate the token's lifetime }; }); services.AddControllers(); } public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseRouting(); // Enable authentication app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); }); } }

using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.IdentityModel.Tokens; using System; using System.IdentityModel.Tokens.Jwt; using System.Text; [Route("[controller]")] [ApiController] public class ProtectedController : ControllerBase { private readonly string _issuer = "https://one.eartho.world/"; [HttpGet] [Authorize] public IActionResult Get() { var token = HttpContext.Request.Headers["Authorization"].ToString().Replace("Bearer ", ""); var tokenHandler = new JwtSecurityTokenHandler(); try { var key = Encoding.ASCII.GetBytes("your_secret_key_here"); tokenHandler.ValidateToken(token, new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = true, ValidIssuer = _issuer, ValidateAudience = false, // Change to true if you want to validate the audience //ValidAudience = "", // Set your audience here if you want to validate it ValidateLifetime = true // Change to false if you don't want to validate the token's lifetime }, out var validatedToken); var jwtToken = (JwtSecurityToken)validatedToken; var user = new { Name = jwtToken.Subject }; return Ok(new { Message = "This is a protected route.", User = user }); } catch (Exception ex) { return Unauthorized(new { Message = "Invalid token!", Error = ex.Message }); } } }

phpCopy code<?php require 'vendor/autoload.php'; // Load Composer's autoloader use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Signer\Rsa\Sha256; use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\Validation\Constraint\IssuedBy; use Lcobucci\JWT\Validation\Constraint\PermittedFor; use Lcobucci\JWT\Validation\Constraint\SignedWith; define('EARTHO_ISSUER', 'https://one.eartho.world/'); define('EARTHO_AUDIENCE', '<EARTHO_CLIENT_ID>'); // Take it from the security tab in creator.eartho.io define('EARTHO_PUBLIC_KEY', '<EARTHO_PUBLIC_KEY>'); // Take it from the security tab in creator.eartho.io function load_public_key() { // Load Eartho public key return file_get_contents(EARTHO_PUBLIC_KEY); } function token_required($token) { // Function to verify JWT $public_key = load_public_key(); $config = Configuration::forAsymmetricSigner( new Sha256(), InMemory::plainText(''), // Empty private key as we are not signing InMemory::plainText($public_key) ); $token = $config->parser()->parse($token); $constraints = [ new IssuedBy(EARTHO_ISSUER), new PermittedFor(EARTHO_AUDIENCE), new SignedWith($config->signer(), InMemory::plainText($public_key)) ]; if (!$config->validator()->validate($token, ...$constraints)) { return ['message' => 'Invalid token!']; } return $token->claims()->all(); } // Step 4: Create a Protected Route if ($_SERVER['REQUEST_METHOD'] === 'GET' && $_SERVER['REQUEST_URI'] === '/protected') { $headers = apache_request_headers(); if (!isset($headers['Authorization'])) { header('Content-Type: application/json'); http_response_code(401); echo json_encode(['message' => 'Token is missing!']); exit; } $token = str_replace('Bearer ', '', $headers['Authorization']); $decoded_token = token_required($token); if (isset($decoded_token['message'])) { header('Content-Type: application/json'); http_response_code(401); echo json_encode($decoded_token); exit; } header('Content-Type: application/json'); echo json_encode(['message' => 'This is a protected route.', 'user' => $decoded_token]); exit; } ?>