Ory supports server-side web apps natively. To get building, pick the technology you are using:
For more information on the Ory Cloud SDK and Services and please see the Services & APIs docs.
This example uses NodeJS with TypeScript support and ExpressJS to set up an app with two endpoints:
/: can be accessed without an active Ory Session;
/public: can be accessed without an active Ory Session;
/protected: can only be accessed after registration / login - with an active Ory Session.
You can find this example's source code on GitHub.
To get started open a new terminal and set the environment variables:
ORY_ACCESS_TOKEN: Use a personal access token here
export ORY_ACCESS_TOKEN=...# e.g.# export ORY_ACCESS_TOKEN=2123l8jJhSIYQZvfasd53YoRvcseg1
To get started, check out the example's source code, install the node packages, and run the app:
git clone https://github.com/ory/docs.gitcd docs/examples/typescript-expressnpm i export ORY_ACCESS_TOKEN=...# e.g.# export ORY_ACCESS_TOKEN=2123l8jJhSIYQZvfasd53YoRvcseg1 ## ATTENTION ### Node, similar to Firefox, does not use the Operating System Certificate store.# To get the self-signed SSL certificates working, we need to disable TLS Verification.# NEVER, EVER do this in a live system.export NODE_TLS_REJECT_UNAUTHORIZED=0 npm start
Open another terminal and copy set the
ORY_ACCESS_TOKEN env var to your
Personal Access Token:
Next, run the Ory Proxy with
--port 4000: the port on which the proxy should listen on;
http://localhost:8000/: the host and port of the NodeJS app you are protecting.
ory proxy local --port 4000 http://localhost:8000/
Your operating system will prompt you for your administrative password. The Ory Proxy sets up a temporary SSL certificate in your operating system's certificate store to enable HTTPS integration.
The registration of the self-signed SSL certificate works only in Chrome and Safari but not yet in Firefox. Also, programming languages like Golang, NodeJS, and others often do not respect the operating system certificate store. In those cases, you must disable TLS verification. This is not an issue in production!
To see what the app can do, open it at the original endpoints:
The second URL
/protected will greet you with an error because no Ory Session
However, if you open the URL through the proxy at https://localhost:4000/protected, your browser will be redirected to a login screen! Once you created an account or signed in, the application will show information about the session:
To get the app integrated with Ory, we use the following
@ory/clientcontains the Ory SDK. While not needed, the app includes an example of how to set up the SDK and use it;
dotenvloads environment variables from a
express-jwtis an express middleware for JWTs;
jwks-rsaa library to load the cryptographic keys for verifying JWTs using a remote URL.
Let's take a look at the annotated code!
All you need is a plain ExpressJS skeleton:
The Ory Session Cookie is converted to a JSON Web Token by
ory proxy local.
The cryptographic key to verify the JSON Web Token is available at
If the JSON Web Token is not available, or not valid, we redirect to the login:
The protected page is doing a few extra things, such as fetching the identity from Ory Cloud's Administrative APIs, and also creates a logout URL for the user:
Great! You've made it! Integrating Ory is easy and straight forward. There are many more things to come, and we are excited to have you on board!