This is a review of setting up simple authentication and route protection using the Passport JWT strategy. It is a secure API server that can be used for both web and mobile applications.
These instructions will get you a copy of the project up and running on your local machine.
> git clone https://github.com/richdurazo/auth-review
> cd auth-review
> npm install
> npm run dev
This project uses JavaScript, Node, Express, MongoDB, and Mongoose.
- jwt - JSON Web Tokens
- jwt-simple - JSON Web Token encode and decode module
- bcrypt - Used to generate a salt and hash the user password
- passport - authentication middleware for Node.js.
> Sign up --> Validate email and password are not in use --> send token
> Sign in --> Verify their email and pw are correct using Local Strategy --> send token
> Authenticated request --> Validate token using JWT strategy --> give them access to protected resource
> using bcrypt we create a salt (a random value that is mixed into the hash, not a secret key)
> took the password and hashed it together with the salt to produce a hashed password
> then we saved the salt and the hashed password to the database (MongoDB)
> pull just the salt from the db
> use the salt to hash the user-submitted pw
> compare the newly hashed password to the hashed password in our db
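
The salt-and-hash steps above, as an added sketch that is not code from this repository. To run without installing anything it uses `scryptSync` from Node's built-in `crypto` module as a stand-in for bcrypt; `hashPassword`, `verifyPassword`, `demo` and the in-memory `db` are hypothetical names, and the users are constructed sample data.

```javascript
// Added example: Node's built-in scrypt stands in for bcrypt here.
const crypto = require('crypto');

const KEY_LEN = 32; // bytes of derived hash (assumed value for this sketch)

// Sign up: create a fresh random salt, hash the password with it,
// and return the record that would be saved to the database.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEY_LEN);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Sign in: pull the salt from the stored record, hash the submitted
// password with it, and compare the result to the stored hash.
function verifyPassword(submitted, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.hash, 'hex');
  if (expected.length !== KEY_LEN) return false; // malformed record
  const candidate = crypto.scryptSync(submitted, salt, KEY_LEN);
  // Constant-time comparison: do not leak how many bytes matched.
  return crypto.timingSafeEqual(candidate, expected);
}

// Constructed sample data; a Map stands in for the MongoDB collection.
function demo() {
  const db = new Map();
  db.set('a@example.com', hashPassword('correct horse'));
  db.set('b@example.com', hashPassword('correct horse'));
  const a = db.get('a@example.com');
  const b = db.get('b@example.com');
  return {
    goodLogin: verifyPassword('correct horse', a),
    badLogin: verifyPassword('wrong guess', a),
    // Same password, different salts: the stored hashes must differ.
    hashesDiffer: a.hash !== b.hash,
    // A record from one user does not verify with another user's salt.
    crossSalt: verifyPassword('correct horse', { salt: b.salt, hash: a.hash }),
  };
}

console.log(demo());
```

With bcrypt itself the salt is embedded in the stored hash string, so `bcrypt.compare` reads it from there instead of from a separate field.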
- Stephen Grider and his amazing tutorials on Udemy - Advanced React and Redux