Go Full-Stack With Node.js, Express, and MongoDB

Table des matières

Create Authentication Tokens

#Create Authentication Tokens

Let's create authentication tokens in the coming video!

To create and verify authentication tokens, you will need a new package:

npm install jsonwebtoken

Then import it in your user controller:

const jwt = require('jsonwebtoken');

And use it in your login function:

exports.login = (req, res, next) => {
  User.findOne({ email: req.body.email }).then(
    (user) => {
      if (!user) {
        return res.status(401).json({
          error: new Error('User not found!')
        });
      }
      bcrypt.compare(req.body.password, user.password).then(
        (valid) => {
          if (!valid) {
            return res.status(401).json({
              error: new Error('Incorrect password!')
            });
          }
          const token = jwt.sign(
            { userId: user._id },
            'RANDOM_TOKEN_SECRET',
            { expiresIn: '24h' });
          res.status(200).json({
            userId: user._id,
            token: token
          });
        }
      ).catch(
        (error) => {
          res.status(500).json({
            error: error
          });
        }
      );
    }
  ).catch(
    (error) => {
      res.status(500).json({
        error: error
      });
    }
  );
}

Here:

Use jsonwebtoken's sign function to encode a new token.
That token contains the user's ID as a payload.
Use a temporary development secret string to encode your token (to be replaced with a much longer, random string for production).
Set the token's validity time to 24 hours.
Send the token back to the front end with your response.

You can now use the Chrome DevTools Network tab to check that, once logged in, every request coming from the front end contains an "Authorization" header, with the keyword "Bearer" and a long encoded string. This is your token.

#Let's Recap!

JSON web tokens are encoded tokens that can be used for authorization.
The jsonwebtoken package's sign() method uses a secret key to encode a token which can contain a custom payload and be valid for a limited time.

In the next and final chapter of this part, you will create a piece of middleware to check for and verify this token and its contents to ensure that only authorized requests get access to the routes you want to protect.

Avez-vous une suggestion pour nous ?

Et si vous obteniez un diplôme OpenClassrooms ?

Formations jusqu’à 100 % financées
Date de début flexible
Projets professionnalisants
Mentorat individuel

Trouvez la formation et le financement faits pour vous

Être orienté Comparez nos types de formation

Table des matières

Build a Simple Express Server

Get the Most out of This Course

Set Up Your Coding Environment

Start a Node Server

Create an Express App

Create a GET Route

Create a POST Route

Quiz : Are You Ready to Create a Basic Express Web Server?

Build a RESTful API

Set Up Your Database

Create a Data Schema

Save and Retrieve Data

Complete the CRUD With Update and Delete

Quiz : Can you implement CRUD?

Make Your API Secure

Optimize the Back End's Structure

Prepare the Database for Authentication Info

Create New Users

Check a User's Credentials

Create Authentication Tokens

Set Up Authentication Middleware

Quiz : Are You Ready to Secure Your API?

Add Image Upload to Your API

Accept Incoming Files With Multer

Modify Routes to Take Files Into Account

Expand the Back End's Delete Function

Quiz : Are You Ready to Handle User Files?

Create Authentication Tokens

#Create Authentication Tokens

#Let's Recap!