This example uses NodeJS with TypeScript support and ExpressJS to set up an app with two endpoints:
/: can be accessed without an active Ory Session;
/public: can be accessed without an active Ory Session;
/protected: can only be accessed after registration / login - with an active Ory Session.
You can find this example's source code on GitHub.
To get started open a new terminal and set the environment variables:
ORY_ACCESS_TOKEN: Use a personal access token here;
ORY_PROJECT_URL: Use the Project URL which you can find on the "Services & APIs" page of your project.
To get started, check out the example's source code, install the node packages, and run the app:
Open another terminal and copy set the
ORY_ACCESS_TOKEN env var to your
Personal Access Token:
Next, run the Ory Proxy with
--protect-path-prefix /protected: only the path /protected needs a valid Ory Session;
--port 4000: the port on which the proxy should listen on;
http://localhost:8000/: the host and port of the NodeJS app you are protecting.
Your operating system will prompt you for your administrative password. The Ory Proxy sets up a temporary SSL certificate in your operating system's certificate store to enable HTTPS integration.
The registration of the self-signed SSL certificate works only in Chrome and Safari but not yet in Firefox. Also, programming languages like Golang, NodeJS, and others often do not respect the operating system certificate store. In those cases, you must disable TLS verification. This is not an issue in production!
To see what the app can do, open it at the original endpoints:
The second URL
/protected will greet you with an error because no Ory Session
However, if you open the URL through the proxy at https://localhost:4000/protected, your browser will be redirected to a login screen! Once you created an account or signed in, the application will show information about the session:
To get the app integrated with Ory, we use the following
@ory/clientcontains the Ory SDK. While not needed, the app includes an example of how to set up the SDK and use it;
dotenvloads environment variables from a
express-jwtis an express middleware for JWTs;
jwks-rsaa library to load the cryptographic keys for verifying JWTs using a remote URL.
Let's take a look at the annotated code!
Great! You've made it! Integrating Ory is easy and straight forward. There are many more things to come, and we are excited to have you on board!