Skip to content

Instantly share code, notes, and snippets.

@ianfabs ianfabs/index.js forked from JonathanMH/index.js
Last active May 15, 2019

Embed
What would you like to do?
JSON Web Token Tutorial: Express
//Original article
//https://jonathanmh.com/express-passport-json-web-token-jwt-authentication-beginners/
//loadash is stupid bloatware stop using it
//var _ = require("lodash");
var express = require("express");
var bodyParser = require("body-parser");
var jwt = require('jsonwebtoken');
var passport = require("passport");
var passportJWT = require("passport-jwt");
var ExtractJwt = passportJWT.ExtractJwt;
var JwtStrategy = passportJWT.Strategy;
var users = [
{
id: 1,
name: 'jonathanmh',
password: '%2yx4'
},
{
id: 2,
name: 'test',
password: 'test'
}
];
var jwtOptions = {}
jwtOptions.jwtFromRequest = ExtractJwt.fromAuthHeaderWithScheme('JWT');
jwtOptions.secretOrKey = 'tasmanianDevil';
var strategy = new JwtStrategy(jwtOptions, function(jwt_payload, next) {
console.log('payload received', jwt_payload);
// usually this would be a database call:
var user = users.filter( user => user.id == jwt_payload.id)[0];
if (user) {
next(null, user);
} else {
next(null, false);
}
});
passport.use(strategy);
var app = express();
app.use(passport.initialize());
// parse application/x-www-form-urlencoded
// for easier testing with Postman or plain HTML forms
app.use(bodyParser.urlencoded({
extended: true
}));
// parse application/json
app.use(bodyParser.json())
app.get("/", function(req, res) {
res.json({message: "Express is up!"});
});
app.post("/login", function(req, res) {
if(req.body.name && req.body.password){
var name = req.body.name;
}
// usually this would be a database call:
var user = users.filter( user => user.name == name)[0];
if( ! user ){
res.status(401).json({message:"no such user found"});
}
if(user.password === req.body.password) {
// from now on we'll identify the user by the id and the id is the only personalized value that goes into our token
var payload = {id: user.id};
var token = jwt.sign(payload, jwtOptions.secretOrKey);
res.json({message: "ok", token: token});
} else {
res.status(401).json({message:"passwords did not match"});
}
});
app.get("/secret", passport.authenticate('jwt', { session: false }), function(req, res){
res.json({message: "Success! You can not see this without a token"});
});
app.listen(3000, function() {
console.log("Express running");
});
{
"name": "jwt-tutorial",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC",
"dependencies": {
"body-parser": "^1.15.2",
"express": "^4.14.0",
"jsonwebtoken": "^7.1.9",
"passport": "^0.3.2",
"passport-jwt": "^2.1.0"
}
}
@unstorm

This comment has been minimized.

Copy link

unstorm commented May 15, 2019

Thank you Jonathan.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.