Express authorization middleware

Many applications require some form of authorization mechanism to prevent users from accessing restricted content. Authenticated users are commonly in possession of a cookie containing identification data. With the authentication microservice that I designed, this cookie contains a JWT carrying the user's username. This JWT is sent in the authorization header of HTTP requests. Thus, authorization can be performed easily within each application by simply decoding the JWT. To do so, I designed this simple middleware for ExpressJS.

Its logic is fairly straightforward: if a JWT is present in the authorization header, it is sent in an HTTP POST request to the authentication microservice, which decodes it. If the JWT is valid, the authentication microservice responds with the user information, allowing the application to decide whether the user should be allowed in or not.
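
The flow described above, as an added example that is not the package's own code: the factory name, the endpoint URL, the `{ jwt }` request body and the `{ username }` reply shape are all assumptions. It goes slightly beyond the text by accepting only a well-formed Bearer token and by failing closed when the authentication service cannot be reached.

```javascript
// Added example: all names, the URL and the JSON shapes are assumptions, not the package's API.
function makeAuthMiddleware({ url, post = defaultPost, timeoutMs = 3000 }) {
  return async function authMiddleware(req, res, next) {
    // Accept only "Bearer <three base64url segments>"; anything else is unauthenticated.
    const header = req.headers.authorization || '';
    const match = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(header);
    if (!match) return res.status(401).json({ error: 'missing or malformed token' });
    try {
      // The token is not decoded or trusted locally; the auth service is the only verifier.
      const reply = await post(url, { jwt: match[1] }, timeoutMs);
      if (reply.status !== 200 || !reply.body || typeof reply.body.username !== 'string') {
        return res.status(401).json({ error: 'token rejected' });
      }
      res.locals.user = reply.body; // identity that later handlers authorize against
      return next();
    } catch (err) {
      // Fail closed: an unreachable or slow auth service must not let requests through.
      return res.status(503).json({ error: 'authentication service unavailable' });
    }
  };
}

// Default transport: global fetch (Node 18+) with a hard timeout on the call.
async function defaultPost(url, payload, timeoutMs) {
  const r = await fetch(url, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify(payload),
    signal: AbortSignal.timeout(timeoutMs),
  });
  return { status: r.status, body: await r.json().catch(() => null) };
}

// Constructed stand-ins so the example runs offline, without Express or a live service.
function fakeRes() {
  return {
    locals: {}, code: null, body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
}
async function demo(authorization, post) {
  const res = fakeRes();
  let passed = false;
  const mw = makeAuthMiddleware({ url: 'http://auth.example.internal/whoami', post });
  await mw({ headers: { authorization } }, res, () => { passed = true; });
  return { passed, code: res.code, user: res.locals.user };
}
```

In an Express app the returned function would be mounted with `app.use(...)` ahead of the protected routes, which then read `res.locals.user` to make the actual allow or deny decision.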

Source code available on GitHub

Available as an NPM package