The goal of this project is to implement authentication with JWT tokens and demonstrate their security features.
To start the applications using Docker Compose, run:
docker-compose up --build
This will launch two services:
- JwtProducer: This service provides an API to generate JWT tokens for authorized users.
- JwtConsumer: This service offers an API to access user data and uses a JWT token to authorize requests.
Both services utilize predefined key pairs for signing and verifying JWT tokens: key.pem and public.pem.
To explore the project and understand JWT token usage, perform the following tasks:
- Acquire a JWT token from the JwtProducer app using valid user credentials.
- Use the obtained JWT token to request data from the JwtConsumer app.
- Perform requests using both Admin and ordinary user roles and describe your observations.
- As the token's lifespan is set to only 1 minute, attempt to change the payload of the token, modify the expiration date, and use it again to request data.
- Utilize the provided helper script to create a valid JWT token and try it.
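What to expect from the payload-modification task, as an added example that is not part of the project's code: a verifier checks the signature over the header and payload before it trusts `exp` or any role claim, so an edited token is rejected. The sketch uses HS256 with a constructed shared secret in place of the project's key.pem/public.pem key pair so that it runs on the Python standard library alone; the claim names `sub` and `role` and all function names are assumptions.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumption: stands in for the project's key pair

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign(claims: dict, key: bytes = SECRET) -> str:
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify(token: str, now: int, key: bytes = SECRET) -> dict:
    """Return the claims, or raise ValueError. Signature is checked before any claim is read."""
    head, body, sig = token.split(".")
    header = json.loads(b64url_decode(head))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never trust the header's choice
    expected = hmac.new(key, (head + "." + body).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig), expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if now >= claims.get("exp", 0):  # a missing exp is treated as already expired
        raise ValueError("expired")
    return claims

def tamper(token: str, **changes) -> str:
    """Edit payload claims but keep the original signature, as in the task above."""
    head, body, sig = token.split(".")
    claims = json.loads(b64url_decode(body))
    claims.update(changes)
    return ".".join((head, encode_part(claims), sig))

def outcome(token: str, now: int) -> str:
    try:
        verify(token, now)
        return "accepted"
    except ValueError as err:
        return str(err)

ISSUED = 1_700_000_000  # constructed issue time; the token lives 60 seconds
TOKEN = sign({"sub": "alice", "role": "User", "exp": ISSUED + 60})
if __name__ == "__main__":
    print(outcome(TOKEN, ISSUED + 30), "|", outcome(TOKEN, ISSUED + 61))
    print(outcome(tamper(TOKEN, exp=ISSUED + 3600), ISSUED + 61))
```
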
To stop the applications, run:
docker-compose down