JWT Authentication with Node.js

JSON Web Token (JWT) is an open standard for securely transferring data between parties as a JSON object. JWT is used for stateless authentication between users and providers: the session state is carried by the client inside the token instead of being stored on the server. Here, we will implement a JWT authentication system in Node.js.

Table of Contents

  • What is JWT?
  • How JWT Works
  • Steps to Installation of the Express Module

What is JWT?

JWT (JSON Web Token) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

How JWT Works

A JWT consists of three parts: Header, Payload, and Signature.

Header

The header typically consists of two parts: the type of token (JWT) and the signing algorithm being used, such as HMAC SHA256 or RSA.

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

The payload contains the claims, which are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.

{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true
}

Signature

To create the signature part, you have to take the encoded header, the encoded payload, a secret, and the algorithm specified in the header and sign that.

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)

Steps to Installation of the Express Module

Step 1: Run the following command to initialize the project, then create an index file and a .env file. (Make sure you have Node and npm installed.)

npm init -y

Step 2: Install the required packages

npm install express dotenv jsonwebtoken

Step 3: Create our Server: Import all the dependencies and create a server using Express.js.

Step 4: Create Configuration File (.env): This file contains the variables that we need to pass to our application's environment. JWT_SECRET_KEY is the key that signs and verifies every token, so in a real deployment it should be a long random value kept out of source control; the value below is only a placeholder for this example.

PORT = 5000
JWT_SECRET_KEY = gfg_jwt_secret_key
TOKEN_HEADER_KEY = gfg_token_header_key

Step 5: Create Route for Generating JWT: Create a 'post' route that sends the JWT in the response.

Step 6: Create Route for Validating JWT: Create a 'get' route that reads the JWT from a request header and sends the verification status as the response.

Project Structure: app.js, .env and package.json in the project root.

The updated dependencies in package.json file will look like:

"dependencies": {
  "dotenv": "^16.4.5",
  "express": "^4.19.2",
  "jsonwebtoken": "^9.0.2"
}

Example: Below is the code for JWT authentication with Node.js (app.js):

const express = require('express');
const dotenv = require('dotenv');
const jwt = require('jsonwebtoken');

const app = express();

// Set up global configuration access (reads .env into process.env)
dotenv.config();

// Generating JWT
app.post("/user/generateToken", (req, res) => {
    // Validate the user here (credential check), then generate the JWT

    let jwtSecretKey = process.env.JWT_SECRET_KEY;
    let data = {
        time: Date(),
        userId: 12,
    };

    // Give the token a lifetime so a leaked token cannot be replayed indefinitely
    const token = jwt.sign(data, jwtSecretKey, { expiresIn: '1h' });

    res.send(token);
});

// Verification of JWT
app.get("/user/validateToken", (req, res) => {
    // Tokens are generally passed in a request header
    // for security reasons.

    let tokenHeaderKey = process.env.TOKEN_HEADER_KEY;
    let jwtSecretKey = process.env.JWT_SECRET_KEY;

    const token = req.header(tokenHeaderKey);
    if (!token) {
        // Access denied: no token supplied
        return res.status(401).send("Missing token");
    }

    try {
        // jwt.verify throws on a bad signature, an expired token or an
        // unexpected algorithm, so reaching the next line means it is valid.
        // Pinning algorithms prevents a token that names a different alg
        // from being accepted.
        jwt.verify(token, jwtSecretKey, { algorithms: ['HS256'] });
        return res.send("Successfully Verified");
    } catch (error) {
        // Access denied; do not echo the error object back to the client
        return res.status(401).send("Invalid token");
    }
});

let PORT = process.env.PORT || 5000;
app.listen(PORT, () => {
    console.log(`Server is up and running on ${PORT} ...`);
});

Steps to Run the Server

node app.js

Output: send requests and inspect the responses.

POST Request: send a POST to http://localhost:5000/user/generateToken (no body is required by this route).

POST Response:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0aW1lIjoiTW9uIEphbiAxOCAyMDIxIDE2OjM2OjU3IEdNVCswNTMwIChJbmRpYSBTdGFuZGFyZCBUaW1lKSIsInVzZXJJZCI6MTIsImlhdCI6MTYxMDk2ODAxN30.QmWFjXhP6YtbzDAHlcE7mDMyXIdnTv1c9xOBCakNZ94

GET Request: send a GET to http://localhost:5000/user/validateToken.

GET Request Header: the token goes in a header whose name is the value of TOKEN_HEADER_KEY (gfg_token_header_key) and whose value is the token returned by the POST response.

GET Response:

Successfully Verified