Skip to content

token-binding-check

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

token-binding-check

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.env.example
.env.example
 
 
README.md
README.md
 
 
hello-server-protected.js
hello-server-protected.js
 
 
package.json
package.json
 
 

README.md

Approov Token Binding Integration Example

This Approov integration example is from where the code example for the Approov token binding check quickstart is extracted, and you can use it as a playground to better understand how simple and easy it is to implement Approov in a NodeJS Express API server.

TOC - Table of Contents

Why?

To lock down your API server to your mobile app. Please read the brief summary in the Approov Overview at the root of this repo or visit our website for more details.

TOC

How it works?

The NodeJS Express API server is very simple and is defined in the file src/approov-protected-server/token-binding-check/hello_server_protected.js. Take a look at the verifyApproovToken() and verifyApproovTokenBinding() functions to see the simple code for the checks.

For more background on Approov, see the Approov Overview at the root of this repo.

TOC

Requirements

To run this example you will need to have installed:

TOC

Setup Env File

From /servers/hello/src/approov-protected-server/token-check execute the following:

cp .env.example .env

Edit the .env file and add the dummy secret to it in order to be able to test the Approov integration with the provided Postman collection.

TOC

Try the Approov Integration Example

First, you need to set the dummy secret in the /servers/hello/src/approov-protected-server/token-binding-check/.env file as explained here.

Second, you need to install the dependencies. From the /servers/hello/src/approov-protected-server/token-check folder execute:

npm install

Now, you can run this example from the /servers/hello/src/approov-protected-server/token-check folder with:

npm start

Next, you can test that it works with:

curl -iX GET 'http://localhost:8002'

The response will be a 401 unauthorized request:

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
Content-Length: 2
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Date: Wed, 16 Mar 2022 19:59:24 GMT
Connection: keep-alive
Keep-Alive: timeout=5

{}

The reason you got a 401 is because no Approoov token isn't provided in the headers of the request.

Finally, you can test that the Approov integration example works as expected with this Postman collection or with some cURL requests examples.

TOC

Issues

If you find any issue while following our instructions then just report it here, with the steps to reproduce it, and we will sort it out and/or guide you to the correct path.

TOC

Useful Links

If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point:

TOC