// Middleware to protect integrated modules function requireAuth(req, res, next) const token = req.headers.authorization?.split(' ')[1]; try const decoded = jwt.verify(token, process.env.JWT_SECRET); req.user = decoded; next(); catch res.status(401).json( error: 'Invalid or expired token' );
Request:
"access_token": "jwt...", "refresh_token": "ref...", "expires_in": 3600, "user": "id": "uuid", "role": "student", "name": "Aarav Sharma" integrated emis login
Authorization: Bearer <same_jwt_from_login> next) const token = req.headers.authorization?.split(' ')[1]
"identifier": "student@school.edu", "password": "secure123", "device_id": "optional" try const decoded = jwt.verify(token
Response:
Each sub-system (fees, attendance, etc.) validates the same JWT: