Hey all, today we are going to learn about the implementation of JSON Web Token in Node.js. We will also explain in detail what a JSON Web Token is and how it can be used for user authentication.
Let's understand the basic details of JWT
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
JSON Web Tokens consist of three parts containing encoded data, separated by dots (.), which are:
Therefore, a JWT typically looks like the following.
How JSON Web Token actually works for User Authentication
JWT is a stateless authentication mechanism in which the user's state is never saved anywhere on the server. The server will check for a valid JWT in the Authorization header, and if it's present, the user will be allowed to access protected resources. JWT contains all the information within itself.
In the normal working flow of an application, when a user logs in with valid credentials, the server returns a JSON Web Token which contains its validity and all the information itself. For all further API calls, the JWT is passed as a header parameter. If the JWT authenticates successfully, the request completes; otherwise an error is returned in the response.
Now let's discuss the implementation in our Node.js app.
"test": "echo \"Error: no test specified\" && exit 1",
"start": "node server.js"
"author": "Suraj Roy",
The file above lists the basic dependencies of the demo we are going to create. Next we will set up MongoDB, so let's have a look at the db config file.
In the above file we handle the authentication-related tasks. The constant appRoutes has two keys: the first, public routes, holds the API methods which don't need any authentication, and the second, userRoutes, stores the names of the APIs which need authentication. The JWT authentication below it works accordingly, so the JWT is checked for the APIs stored under the userRoutes key.
These were the main points regarding the JSON Web Token; the full working source code can be downloaded from this site. Let's have a look at how we can check the implementation in the API with screenshots from Postman.
1. sign-up (header passed in the API below: [Content-Type:application/json])
The user has been registered successfully. Now we come to the next step, where the user logs in to get the JSON Web Token (header passed in the API below: [Content-Type:application/json]).
In the above screenshot we can see that a token has been returned from the login API. Next comes the API where the JWT is authenticated to complete the request (header passed in the API below: [Content-Type:application/json,
Pretty cool! Finally, our task completes here.
That’s all for now. Thank you for reading and I hope this post will be very helpful.
Let me know your thoughts over email at firstname.lastname@example.org. I would love to hear them, and if you like this article, share it with your friends.