Web Dev Roadmap for Beginners (Free!): https://bit.ly/DaveGrayWebDevRoadmap

Learn how to apply JWT authentication to your Node.js and Express REST API routes in a way that limits exposure to XSS and CSRF attacks: a short-lived access token for the protected routes, a refresh token delivered in a cookie, and a logout route that clears it. This beginner's tutorial will help you apply JSON Web Tokens to your REST API built with Node.js and Express.

Subscribe https://bit.ly/3nGHmNn

This tutorial is part of a Node.js & Express for Beginners tutorial series playlist:
https://www.youtube.com/playlist?list=PL0Zuz27SZ-6PFkIxaJ6Xx_X46avTM1aYw

Starter Source Code: https://github.com/gitdagray/user_auth

Completed Source Code: https://github.com/gitdagray/express_jwt

JWT Authentication | Node JS and Express tutorials for Beginners

(00:00) Intro
(00:05) Welcome
(00:21) JWT Authentication
(03:23) Set up
(03:36) Installing new dependencies
(04:29) Creating environment variables
(07:21) Creating JWT tokens at authorization
(18:14) Creating JWT verification middleware
(21:47) Applying JWT token verification to specific routes
(24:53) Applying JWT token verification to many routes
(28:18) Adding cookie-parser middleware
(29:46) Creating a refresh token controller
(36:03) Creating the refresh route
(36:46) Adding the refresh route to the server
(37:37) Testing the refresh route
(40:03) Creating a logout controller
(48:36) Creating the logout route
(49:26) Adding the logout route to the server
(49:43) A Quick Debug
(50:13) Testing the logout route
(52:43) Frontend: fetch needs the credentials option
(53:29) Backend: CORS needs Access-Control-Allow-Credentials
(56:18) Chrome requires specific cookie options

JWT References:
Intro to JSON Web Tokens: https://jwt.io/introduction
All You Need to Know About Storing JWT in the Frontend: https://dev.to/cotter/localstorage-vs-cookies-all-you-need-to-know-about-storing-jwt-tokens-securely-in-the-front-end-15id
NPM jsonwebtoken package: https://www.npmjs.com/package/jsonwebtoken
NPM cookie-parser package: https://www.npmjs.com/package/cookie-parser
Deleting Cookies: http://expressjs.com/en/api.html#res.clearCookie
Cross-Site Scripting (XSS): https://owasp.org/www-community/attacks/xss/
Cross-Site Request Forgery (CSRF): https://owasp.org/www-community/attacks/csrf
REST Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html

Login References:
Bcrypt: https://www.npmjs.com/package/bcrypt
How to Safely Store a Password: https://codahale.com/how-to-safely-store-a-password/
MDN: HTTP Response Status Codes: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

More References:
Node.js Official site: https://nodejs.org
NPM Official site: https://www.npmjs.com/
Express JS Official site: https://expressjs.com/
MDN CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
NPM CORS: https://www.npmjs.com/package/cors

Follow Me:
Twitter: https://twitter.com/yesdavidgray
LinkedIn: https://www.linkedin.com/in/davidagray/
Blog: https://yesdavidgray.com
Reddit: https://www.reddit.com/user/DaveOnEleven

Was this tutorial about JWT authentication with Node.js and Express JS helpful? If so, please share. Let me know your thoughts in the comments.

#jwt #authentication #node