
The entire procedure is done in Stylab work: cards-frontend-mongodb & cards-backend-mongodb

The procedure includes:

Creating a JWT inside the user schema of the MongoDB database so that the signed token is added to that
user's data in the database, making a cookie out of that JWT, and then sending it to the front end so
it gets stored as a cookie on the user's device. That cookie is then used for two things:

1- Send it to the backend when the user tries to access something without logging in (or something like
that), and show the user the login page instead of the requested one, so that he logs
in first and only then can see the page.

2- Grab the cookie in which the user's token is already saved after that user has
logged in once before, so that he/she doesn't need to log back in every time they visit
the site. This can be done with a function like componentDidMount / useEffect, which calls the
API before the app mounts things so that the API can grab the user's token from the device,
extract the details of that user and auto log him in.

What is JWT? It is nothing but a unique token for a user who has logged into some website,
stored in the form of a cookie so that the next time the user visits that website he/she doesn't
have to log in again and his/her information from last time still remains there.

First install the package by running: npm i jsonwebtoken

    import jwt from "jsonwebtoken";

    const createToken = async () => {
      // First argument: the payload (it should be unique for every user).
      // Second argument: the secret key, used to verify that the user is
      // authentic and not any other user. In a real app, load it from
      // configuration instead of hard-coding it.
      const token = jwt.sign({ _id: "43232" }, "secretkey", {
        // Automatically signs the user out after a certain amount of time
        // so as to make the site secure, such as bank websites do.
        expiresIn: "2 seconds",
      });

      // jwt.verify returns the decoded payload, or throws if the signature
      // is wrong or the token has expired.
      const finalkey = jwt.verify(token, "secretkey");
      console.log(finalkey);
    };

    createToken();

A JWT is completely stateless, which is why the server doesn't know anything about it, anything before it
or anything after it.

There are three things in any given token, separated by dots:

1- algorithm and token type (HEADER – type usually JWT, i.e. JSON Web Token)

2- payload data (payload = body's data)

3- signature verification
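
The three dot-separated parts and the stateless check described above, as an added example that is not part of the original notes: it builds and verifies an HS256 token with Node's built-in crypto module instead of jsonwebtoken, so each part is visible. The helper names (signToken, verifyToken, tamper, check) and the sample timestamp are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// JWT segments are base64url-encoded without padding.
const b64u = (buf) => Buffer.from(buf).toString("base64url");
const hmac = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest();

// Build header.payload.signature; `exp` is in seconds since the epoch.
function signToken(payload, secret, ttlSeconds, now = Date.now()) {
  const header = { alg: "HS256", typ: "JWT" };
  const body = { ...payload, exp: Math.floor(now / 1000) + ttlSeconds };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(body))}`;
  return `${signingInput}.${b64u(hmac(signingInput, secret))}`;
}

// Returns the payload, or throws if structure, algorithm, signature or expiry is wrong.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  // Pin the algorithm on the server; never let the token's header choose it.
  if (header.alg !== "HS256") throw new Error("unexpected algorithm");
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  const payload = JSON.parse(Buffer.from(p, "base64url").toString());
  if (typeof payload.exp !== "number" || now / 1000 >= payload.exp)
    throw new Error("token expired");
  return payload;
}

// Constructed sample values (same payload, secret and lifetime as the notes).
const SECRET = "secretkey";
const T0 = 1700000000000; // fixed clock so the result is repeatable
const token = signToken({ _id: "43232" }, SECRET, 2, T0);

// Replace the payload segment but keep the old signature.
function tamper(tok) {
  const [h, , s] = tok.split(".");
  return `${h}.${b64u(JSON.stringify({ _id: "1", exp: 9999999999 }))}.${s}`;
}
// Returns the user's _id on success, or the rejection reason.
function check(tok, now) {
  try { return verifyToken(tok, SECRET, now)._id; } catch (e) { return e.message; }
}
console.log(check(token, T0), check(token, T0 + 3000), check(tamper(token), T0));
```

The server holds only the secret: a token whose payload was edited on the device, or whose two seconds have passed, is rejected without any database lookup.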
