JWT Authentication with NodeJS
  • Difficulty Level : Expert
  • Last Updated : 09 Feb, 2021

JSON Web Token (JWT) is an open standard for securely transferring data between parties as a JSON object. JWT is used for stateless authentication between users and providers: session state is kept on the client side instead of being stored on the server. Here, we will implement a JWT authentication system in NodeJs.

Modules Required:

  • NodeJs: NodeJs for backend
  • dotenv: For handling configuration data
    npm install dotenv
  • ExpressJS: ExpressJS for handling routes
  • jsonwebtoken module:
    npm install jsonwebtoken

    All Steps:

  1. Create our project:

    To create a Node project, npm init -y is used in the folder in which the user wants to create a project. The npm command line will ask a number of questions like name, license, scripts, description, author, keywords, version, main file, etc. After npm is done creating the project, a package.json file will be visible in the project folder as proof that the project has been initialized.



    npm init -y

  2. Install modules

    After creating the project, the next step is to add the packages and modules to be used in the Node project. To install packages and modules in the project, use the following syntax:

    npm install express dotenv jsonwebtoken

  3. Create our Server

    Importing all the dependencies and creating a server using express.js

    Javascript




    const express = require('express');
    const dotenv = require('dotenv');
    const jwt = require('jsonwebtoken');
      
    const app = express();
      
    // Set up Global configuration access
    dotenv.config();
      
    let PORT = process.env.PORT || 5000;
    app.listen(PORT, () => {
      console.log(`Server is up and running on ${PORT} ...`);
    });
  4. Create Configuration File (.env)

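    This file contains the variables that we need to pass to our application’s environment.

    # Sample values for this tutorial only. In a real deployment use a long,
    # randomly generated JWT_SECRET_KEY and keep .env out of version control.
    PORT = 5000
      
    JWT_SECRET_KEY = gfg_jwt_secret_key
      
    TOKEN_HEADER_KEY = gfg_token_header_key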
  5. Create Route for Generating JWT

    Creating a ‘post’ request that sends the JWT token in the response.

    Javascript




    app.post("/user/generateToken", (req, res) => {
        // Validate User Here
        // Then generate JWT Token
      
        let jwtSecretKey = process.env.JWT_SECRET_KEY;
        let data = {
            time: Date(),
            userId: 12,
        }
      
        const token = jwt.sign(data, jwtSecretKey);
      
        res.send(token);
    });
  6. Create Route for Validating JWT

    Creating a ‘get’ request that contains the JWT token in the header and sends verification status as a response.

    Javascript




    app.get("/user/validateToken", (req, res) => {
        // Tokens are generally passed in the header of the request
        // Due to security reasons.
      
        let tokenHeaderKey = process.env.TOKEN_HEADER_KEY;
        let jwtSecretKey = process.env.JWT_SECRET_KEY;
      
        try {
            const token = req.header(tokenHeaderKey);
      
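            // jwt.verify throws if the token is missing, malformed or has
            // a bad signature, so those cases end up in the catch block.
            const verified = jwt.verify(token, jwtSecretKey);
            if(verified){
                return res.send("Successfully Verified");
            }else{
                // Access Denied
                return res.status(401).send("Access Denied");
            }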
        } catch (error) {
            // Access Denied
            return res.status(401).send(error);
        }
    });
  7. Run Server

    node index.js

    Full index.js File

    Javascript




    const express = require('express');
    const dotenv = require('dotenv');
    const jwt = require('jsonwebtoken');
      
    const app = express();
      
    // Set up Global configuration access
    dotenv.config();
      
    let PORT = process.env.PORT || 5000;
    app.listen(PORT, () => {
      console.log(`Server is up and running on ${PORT} ...`);
    });
      
    // Main Code Here  //
    // Generating JWT
    app.post("/user/generateToken", (req, res) => {
        // Validate User Here
        // Then generate JWT Token
      
        let jwtSecretKey = process.env.JWT_SECRET_KEY;
        let data = {
            time: Date(),
            userId: 12,
        }
      
        const token = jwt.sign(data, jwtSecretKey);
      
        res.send(token);
    });
      
    // Verification of JWT
    app.get("/user/validateToken", (req, res) => {
        // Tokens are generally passed in header of request
        // Due to security reasons.
      
        let tokenHeaderKey = process.env.TOKEN_HEADER_KEY;
        let jwtSecretKey = process.env.JWT_SECRET_KEY;
      
        try {
            const token = req.header(tokenHeaderKey);
      
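            // jwt.verify throws if the token is missing, malformed or has
            // a bad signature, so those cases end up in the catch block.
            const verified = jwt.verify(token, jwtSecretKey);
            if(verified){
                return res.send("Successfully Verified");
            }else{
                // Access Denied
                return res.status(401).send("Access Denied");
            }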
        } catch (error) {
            // Access Denied
            return res.status(401).send(error);
        }
    });
  8. Send Requests and Get Output

    Output:

    • POST Request

    • POST Response
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0aW1lIjoiTW9uIEphbiAxOCAyMDIxIDE2OjM2OjU3IEdNVCswNTMwIChJbmRpYSBTdGFuZGFyZCBU
    aW1lKSIsInVzZXJJZCI6MTIsImlhdCI6MTYxMDk2ODAxN30.QmWFjXhP6YtbzDAHlcE7mDMyXIdnTv1c9xOBCakNZ94
    • GET Request

    • GET Request Header

    • GET Response
    Successfully Verified
