
JWT Authentication for Secure User Access using Node js Express Js and MongoDB [ Backend ] #1473

Open
3 tasks done
Abhishek-TG18 opened this issue Oct 7, 2024 · 2 comments

Comments

@Abhishek-TG18
Contributor

Describe the feature

The JWT Authentication feature allows secure and stateless user authentication in a Node.js backend. It works by generating a JSON Web Token (JWT) upon successful login, which is used for authenticating subsequent requests.

User Registration: When a user signs up, their credentials (like username and password) are securely stored in a MongoDB database. Passwords are encrypted using bcryptjs to ensure they are not stored in plain text.

User Login: During login, the backend verifies the user's credentials by comparing the hashed password stored in the database. Upon successful validation, the backend generates a JWT, which is signed using a secret key stored in environment variables. This JWT is sent back to the client.

Protected Routes: Certain routes in the application (such as profile information or dashboard access) are protected and can only be accessed by authenticated users. These routes require the client to pass the JWT in the Authorization header of the HTTP request. The token is then verified by the backend using the same secret key. If the token is valid, access is granted.

Token Expiry and Refresh: Tokens can be set to expire after a certain period (e.g., 1 hour) for security purposes. The client will need to log in again or use a refresh token strategy to obtain a new JWT.

JWT Structure: The JWT typically contains the user’s ID and other necessary payload data (e.g., user role) to allow the backend to authenticate and authorize access to resources. The token consists of three parts:

  • Header: Specifies the type of token and the signing algorithm used.
  • Payload: Contains claims, which include user details and metadata.
  • Signature: Verifies that the token hasn’t been tampered with.

Add Screenshots

[Screenshot (106)]
NO LOGGING IN AFTER entering credentials

Record

  • I agree to follow this project's Code of Conduct
  • I'm a GSSOC'24 contributor
  • I want to work on this issue

github-actions bot commented Oct 7, 2024

Congratulations, @Abhishek-TG18! 🎉 Thank you for creating your issue. Your contribution is greatly appreciated and we look forward to working with you to resolve the issue. Keep up the great work!

We will promptly review your changes and offer feedback. Keep up the excellent work! Kindly remember to check our contributing guidelines.

@Abhishek-TG18
Contributor Author

Please add the gsoc-ext and hacktoberfest tags.

Labels: None yet · Projects: None yet · Development: No branches or pull requests · 1 participant