JSON Web Token (JWT) Authentication in Node.js

This article provides a guide on how to use JSON Web Tokens (JWT) for user authentication in a Node.js application. JWT is a secure and popular way to protect APIs by transmitting user authentication information between the server and the client.

In this article, we will learn how to integrate JSON Web Tokens (JWT) into a Node.js application for user authentication. We'll use the jsonwebtoken library to create, sign, and verify JWTs. JWT is a powerful security technique to safeguard APIs in web applications.

Node.js Code:

// Import the libraries (install them first with: npm install express jsonwebtoken)
const express = require('express');
const jwt = require('jsonwebtoken');

const app = express();
app.use(express.json());

// Secret key used to sign and verify JWTs. Never commit a real secret to source
// control; load a long random value from the environment in production.
const secretKey = 'your_secret_key';

// Route to handle login and issue a JWT
app.post('/login', (req, res) => {
    const { username, password } = req.body;

    // Check login credentials (hard-coded here for the example; look them up
    // in a user store with hashed passwords in a real application)
    if (username === 'user' && password === 'password') {
        // Create a signed JWT that expires after one hour
        const token = jwt.sign({ username }, secretKey, { expiresIn: '1h' });
        res.json({ token });
    } else {
        res.status(401).send('Invalid login credentials!');
    }
});

// JWT authentication middleware
function authenticateToken(req, res, next) {
    // Clients normally send "Authorization: Bearer <token>"; strip the scheme
    // so the bare token is handed to jwt.verify (a raw token is also accepted)
    const authHeader = req.headers['authorization'] || '';
    const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : authHeader;
    if (!token) return res.status(403).send('Token not found.');

    // Pin the expected algorithm so a token with a different "alg" header is rejected
    jwt.verify(token, secretKey, { algorithms: ['HS256'] }, (err, user) => {
        if (err) return res.status(403).send('Invalid token.');
        req.user = user; // decoded payload, e.g. { username, iat, exp }
        next();
    });
}

// Protected route that can only be accessed with a valid JWT
app.get('/protected', authenticateToken, (req, res) => {
    res.send(`Hello, ${req.user.username}. You have successfully accessed the protected route.`);
});

// Start server
app.listen(3000, () => {
    console.log('Server is running on port 3000');
});

Detailed explanation:

  1. const express = require('express');: Import the express library to create the web application.
  2. const jwt = require('jsonwebtoken');: Import the jsonwebtoken library to create and verify JWTs.
  3. const secretKey = 'your_secret_key';: Secret key for signing the JWT (replace it with a long random value kept outside the source code).
  4. app.post('/login', ...): Define the /login route, which checks the credentials and returns a JWT when they are correct.
  5. jwt.sign(...): Create a new JWT whose payload contains the user information and whose expiry is set by expiresIn.
  6. authenticateToken(...): Middleware that reads the token from the Authorization header and verifies it before the protected handler runs.
  7. jwt.verify(...): Check the token's signature and expiry against the secret key; on success the decoded payload is attached to req.user.
  8. app.get('/protected', ...): A protected route that can only be accessed with a valid JWT.

System requirements:

  • Node.js version 12.x or later.
  • Required libraries: express and jsonwebtoken.

How to install the libraries to run the code:

npm install express jsonwebtoken

Tips:

  • Store JWTs in HttpOnly cookies or in Local Storage; note that Local Storage is readable by any script running on the page, so an HttpOnly cookie keeps the token out of reach of injected JavaScript. In either case the token must only travel over an encrypted connection.
  • Always use HTTPS for transmitting JWTs to protect against man-in-the-middle attacks.

