In this demo, I created a simple authenticate application without using 3rd party authentication library like Passport. By doing this, I can have a deeper understanding of how things work behind the scenes, including hashing passport, JWT encoding and decoding.
This is an API based application, no interface, you will need to use some forms of API calling like Post Man to run through the application. You also need to create a MongoDB database for storing user info.
- bcrypt
- config
- dotenv
- express
- jsonwebtoken
- mongoose
-
POST: http://localhost:3000/users/Params:
. first_name . last_name . email . passwordResponse:
. code: 422 { "error": "This email address has been taken." } . code: 200 { "message": "Your account has been created successfully." } -
POST: http://localhost:3000/users/loginParams:
. email . passwordResponse:
. code: 200 { "message": "You have successfully logged in.", "token": "xxxxx", "refresh_token": "xxxx" } . code 400 { "error": "Your email or password is not match." }token: JWT token, indicate that you have been authenticated successfully. This token also need for further requests which require authentication. It will have an expiration time defined in config/default.json, jwt_lifetime.
refresh_token: JWT token, used for renew a token in case that token has been expired and also could apply as a log out everywhere feature.
-
GET http://localhost:3000/usersHeader:
. Authorization: Bearer {token}Params:
. NONEResponse:
. Code 403 Forbidden . Code 200 { "_id": "5ee45e24378a933143b23b35", "first_name": "Vinh", "last_name": "Giang", "email": "[email protected]", "created_at": "2020-06-13T05:03:32.510Z", "updated_at": "2020-06-19T00:35:45.692Z", "refresh_token": "xxx" } -
POST http://localhost:3000/users/tokenParams:
. token: {refresh_token}Response:
. Code 403 Forbidden . Code 200 { "token": "xxx" }token: Use this token to keep user logged in
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent