DEV Community: JAGADEESH m The latest articles on DEV Community by JAGADEESH m (@jagadeesh_m_1339dae1f9e1f). https://dev.to/jagadeesh_m_1339dae1f9e1f https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1521657%2Fa406a422-9532-4ec2-a559-db7bae8e694e.png DEV Community: JAGADEESH m https://dev.to/jagadeesh_m_1339dae1f9e1f en Simplifying Authorization in React with Higher-Order Components (HOCs) JAGADEESH m Fri, 29 Nov 2024 17:47:14 +0000 https://dev.to/jagadeesh_m_1339dae1f9e1f/simplifying-authorization-in-react-with-higher-order-components-hocs-5bmb https://dev.to/jagadeesh_m_1339dae1f9e1f/simplifying-authorization-in-react-with-higher-order-components-hocs-5bmb <p>Authorization in React applications is essential for controlling user access and managing permissions. Higher-Order Components (HOCs) offer a powerful, reusable, and modular way to handle authorization logic efficiently. Let’s break this down into clear, actionable insights.</p> <h2> What Are HOCs and Why Use Them? </h2> <h3> Definition and Purpose </h3> <p>A <strong>Higher-Order Component (HOC)</strong> is a function that takes a component and returns a new one with enhanced functionality. Instead of modifying the original component, HOCs "wrap" it with additional logic. This approach is perfect for implementing features like authentication, authorization, or dynamic behavior.</p> <h3> Key Benefits of HOCs </h3> <ol> <li> <strong>Code Reusability</strong>: Share common logic across multiple components.</li> <li> <strong>Cleaner Code</strong>: Separate concerns by keeping components focused on their core purpose.</li> <li> <strong>Flexibility</strong>: Easily compose multiple HOCs for complex behaviors.</li> <li> <strong>Dynamic Props</strong>: Inject props dynamically based on user state or conditions.</li> <li> <strong>Non-Invasive</strong>: Enhance components without altering their original implementation.</li> </ol> <h2> Implementing Authorization Using HOCs </h2> <p>HOCs are ideal for managing user access, roles, and permissions. Here’s how to use them effectively:</p> <h3> 1. Redirect Unauthorized Users </h3> <p>Redirect users who are not logged in to the login page:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">useNavigate</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">react-router-dom</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">withAuth</span> <span class="o">=</span> <span class="p">(</span><span class="nx">Component</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">props</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">navigate</span> <span class="o">=</span> <span class="nf">useNavigate</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isAuthenticated</span><span class="p">())</span> <span class="p">{</span> <span class="nf">navigate</span><span class="p">(</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">Component</span> <span class="si">{</span><span class="p">...</span><span class="nx">props</span><span class="si">}</span> <span class="p">/&gt;;</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>Wrap any protected page like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">ProtectedPage</span> <span class="o">=</span> <span class="nf">withAuth</span><span class="p">(</span><span class="nx">MyPage</span><span class="p">);</span> </code></pre> </div> <p>If the user isn’t authenticated, they’ll be redirected to <code>/login</code>.</p> <h3> 2. Manage User Roles and Permissions </h3> <p>Control access based on roles, such as "admin" or "editor":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">withRole</span> <span class="o">=</span> <span class="p">(</span><span class="nx">Component</span><span class="p">,</span> <span class="nx">allowedRoles</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">props</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userRole</span> <span class="o">=</span> <span class="nf">getUserRole</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">allowedRoles</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">userRole</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>Access Denied<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;;</span> <span class="p">}</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">Component</span> <span class="si">{</span><span class="p">...</span><span class="nx">props</span><span class="si">}</span> <span class="p">/&gt;;</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>Use it like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">AdminPage</span> <span class="o">=</span> <span class="nf">withRole</span><span class="p">(</span><span class="nx">MyPage</span><span class="p">,</span> <span class="p">[</span><span class="dl">"</span><span class="s2">admin</span><span class="dl">"</span><span class="p">]);</span> </code></pre> </div> <p>Only users with the "admin" role can access this component.</p> <h3> 3. Protect Routes with Authorization </h3> <p>Create a reusable HOC to secure routes in your app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">withProtectedRoute</span> <span class="o">=</span> <span class="p">(</span><span class="nx">Component</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">props</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isAuthenticated</span><span class="p">())</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>Please log in to access this page.<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;;</span> <span class="p">}</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">Component</span> <span class="si">{</span><span class="p">...</span><span class="nx">props</span><span class="si">}</span> <span class="p">/&gt;;</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>Wrap your route components:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">ProtectedRoute</span> <span class="o">=</span> <span class="nf">withProtectedRoute</span><span class="p">(</span><span class="nx">MyRoute</span><span class="p">);</span> </code></pre> </div> <p>Unauthorized users see a message instead of the protected content.</p> <h2> Best Practices for Authorization HOCs </h2> <ol> <li> <strong>Error Handling</strong> Display clear error messages if access is denied: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="kd">const</span> <span class="nx">withAuthorization</span> <span class="o">=</span> <span class="p">(</span><span class="nx">Component</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">props</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isAuthenticated</span><span class="p">())</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Unauthorized</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">Component</span> <span class="si">{</span><span class="p">...</span><span class="nx">props</span><span class="si">}</span> <span class="p">/&gt;;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>You are not authorized to view this page.<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;;</span> <span class="p">}</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <ol> <li> <strong>Show Loading States</strong> For asynchronous checks, show a loading spinner: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="kd">const</span> <span class="nx">withLoading</span> <span class="o">=</span> <span class="p">(</span><span class="nx">Component</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">props</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nx">React</span><span class="p">.</span><span class="nf">useState</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="nx">React</span><span class="p">.</span><span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">fakeAuthCheck</span><span class="p">().</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">));</span> <span class="p">},</span> <span class="p">[]);</span> <span class="k">if </span><span class="p">(</span><span class="nx">loading</span><span class="p">)</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>Loading...<span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;;</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">Component</span> <span class="si">{</span><span class="p">...</span><span class="nx">props</span><span class="si">}</span> <span class="p">/&gt;;</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <ol> <li> <strong>Compose HOCs for Complex Scenarios</strong> Combine multiple HOCs as needed: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="kd">const</span> <span class="nx">EnhancedComponent</span> <span class="o">=</span> <span class="nf">withAuth</span><span class="p">(</span><span class="nf">withRole</span><span class="p">(</span><span class="nx">MyComponent</span><span class="p">,</span> <span class="p">[</span><span class="dl">"</span><span class="s2">editor</span><span class="dl">"</span><span class="p">]));</span> </code></pre> </div> <ol> <li> <strong>Keep HOCs Simple</strong> Focus on one responsibility per HOC to improve readability and maintainability.</li> </ol> <h2> Advanced Techniques for HOCs </h2> <h3> Performance Optimization </h3> <ul> <li> <strong>Memoization</strong>: Use <code>React.memo</code> or <code>useMemo</code> to avoid unnecessary re-renders.</li> <li> <strong>Caching</strong>: Cache authorization results to reduce redundant API calls.</li> <li> <strong>Lazy Loading</strong>: Use <code>React.lazy</code> to split code and improve load times.</li> </ul> <h3> Dynamic Updates </h3> <p>For real-time permission changes:</p> <ul> <li>Use <strong>WebSockets</strong> for instant updates.</li> <li>Use <strong>React Context</strong> to share updated permission states across components.</li> </ul> <h3> State Management Integration </h3> <p>HOCs work well with libraries like Redux or Recoil:</p> <ul> <li>Store permissions in global state.</li> <li>Connect HOCs to read and update this state dynamically.</li> </ul> <h2> Testing Authorization HOCs </h2> <ol> <li> <strong>Mock Authentication States</strong> Simulate different user states for testing: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="nx">jest</span><span class="p">.</span><span class="nf">mock</span><span class="p">(</span><span class="dl">"</span><span class="s2">./auth</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">isAuthenticated</span><span class="p">:</span> <span class="nx">jest</span><span class="p">.</span><span class="nf">fn</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">),</span> <span class="na">getUserRole</span><span class="p">:</span> <span class="nx">jest</span><span class="p">.</span><span class="nf">fn</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="dl">"</span><span class="s2">admin</span><span class="dl">"</span><span class="p">),</span> <span class="p">}));</span> </code></pre> </div> <ol> <li><p><strong>Integration Testing</strong><br><br> Test wrapped components in different scenarios to ensure seamless functionality.</p></li> <li><p><strong>Unit Testing</strong><br><br> Directly test the logic of your HOC:<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="nf">expect</span><span class="p">(</span><span class="nc">HOCLogic</span><span class="p">()).</span><span class="nf">toEqual</span><span class="p">(</span><span class="nx">expectedOutcome</span><span class="p">);</span> </code></pre> </div> <h2> Real-World Use Cases </h2> <ol> <li> <strong>Feature Flags</strong> Enable or disable features dynamically: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="kd">const</span> <span class="nx">withFeatureFlag</span> <span class="o">=</span> <span class="p">(</span><span class="nx">Component</span><span class="p">,</span> <span class="nx">feature</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">props</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isFeatureEnabled</span><span class="p">(</span><span class="nx">feature</span><span class="p">))</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">Component</span> <span class="si">{</span><span class="p">...</span><span class="nx">props</span><span class="si">}</span> <span class="p">/&gt;;</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <ol> <li> <strong>Secure API Calls</strong> Automatically add tokens for authenticated requests: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="kd">const</span> <span class="nx">withAuthHeaders</span> <span class="o">=</span> <span class="p">(</span><span class="nx">Component</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">props</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">apiWithAuth</span> <span class="o">=</span> <span class="p">(</span><span class="nx">apiCall</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="p">...</span><span class="nx">apiCall</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Bearer token</span><span class="dl">"</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">Component</span> <span class="si">{</span><span class="p">...</span><span class="nx">props</span><span class="si">}</span> <span class="na">apiWithAuth</span><span class="p">=</span><span class="si">{</span><span class="nx">apiWithAuth</span><span class="si">}</span> <span class="p">/&gt;;</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <ol> <li> <strong>Protect Entire Routes</strong> Ensure unauthorized users are redirected globally.</li> </ol> JWT Token Refresh: Authentication Made Simple 🔐 JAGADEESH m Fri, 29 Nov 2024 17:15:45 +0000 https://dev.to/jagadeesh_m_1339dae1f9e1f/jwt-token-refresh-authentication-made-simple-31ke https://dev.to/jagadeesh_m_1339dae1f9e1f/jwt-token-refresh-authentication-made-simple-31ke <h2> Why Do We Need Token Refresh? </h2> <p>Imagine you're playing an online game, and every 30 minutes, you get kicked out and have to log in again. Frustrating, right? In web applications, authentication works similarly. Tokens (like digital passes) expire for security reasons, but we want to make this process smooth for users.</p> <h2> The Problem with Traditional Authentication </h2> <p>When a token expires, most applications force you to log in again. This is like being midway through a task and suddenly being told to start over from scratch. Our goal is to fix this!</p> <h2> How Token Refresh Works: A Simple Explanation </h2> <h3> Think of Tokens Like a Day Pass </h3> <ol> <li> <strong>Access Token</strong>: A short-lived ticket that lets you enter different parts of an application</li> <li> <strong>Refresh Token</strong>: A special, longer-lasting ticket that helps you get a new access token</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2b6yy74rcfqrrf2oz8zp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2b6yy74rcfqrrf2oz8zp.png" alt="Image description" width="800" height="689"></a></p> <h3> The Magic Happens in Two Steps </h3> <h4> Step 1: Detect Token Expiration </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// When a request fails because the token is old</span> <span class="nx">Client</span><span class="p">.</span><span class="nx">interceptors</span><span class="p">.</span><span class="nx">response</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span> <span class="p">(</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">,</span> <span class="c1">// Normal responses pass through</span> <span class="k">async </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Check if the error is because the token is expired</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">response</span><span class="p">?.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">401</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// It's like saying, "Oops, my pass is old. Let me get a new one!"</span> <span class="kd">const</span> <span class="nx">newToken</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">refreshToken</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h4> Step 2: Get a New Token </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">refreshToken</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Ask the server for a new access token</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Client</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">"</span><span class="s2">/auth/refresh</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">withCredentials</span><span class="p">:</span> <span class="kc">true</span> <span class="c1">// Important security detail</span> <span class="p">});</span> <span class="c1">// Extract the new token</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">accessToken</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="c1">// Update the application with the new token</span> <span class="nf">updateToken</span><span class="p">(</span><span class="nx">accessToken</span><span class="p">);</span> <span class="k">return</span> <span class="nx">accessToken</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// If getting a new token fails, log the user out</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Couldn't refresh token</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <h2> The Secret Sauce: Remembering the Original Request </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// This is the magical part - saving the original request</span> <span class="kd">const</span> <span class="nx">originalRequest</span> <span class="o">=</span> <span class="nx">error</span><span class="p">.</span><span class="nx">config</span><span class="p">;</span> <span class="c1">// After getting a new token, replay the exact same request</span> <span class="k">if </span><span class="p">(</span><span class="nx">newToken</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// It's like rewinding and replaying a game level</span> <span class="nx">originalRequest</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">Authorization</span> <span class="o">=</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">newToken</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="k">return</span> <span class="nc">Client</span><span class="p">(</span><span class="nx">originalRequest</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> Real-World Analogy </h3> <p>Think of this like a multi-pass at an amusement park:</p> <ul> <li>Your access token is a single-ride ticket</li> <li>Your refresh token is the ability to get a new ride ticket</li> <li>When a ride ticket (access token) expires, you use the multi-pass (refresh token) to get a new one</li> <li>You don't have to leave the park or start over - you just get a new ticket!</li> </ul> <h2> Backend: Verifying the Refresh Token </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">refresh</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Check if the refresh token exists</span> <span class="kd">const</span> <span class="nx">refreshToken</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nx">refreshToken</span><span class="p">;</span> <span class="c1">// Verify the token is valid and belongs to a real user</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">refreshToken</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">);</span> <span class="c1">// Find the user</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">email</span> <span class="p">});</span> <span class="c1">// Create a new access token</span> <span class="kd">const</span> <span class="nx">accessToken</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">username</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span> <span class="p">},</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">,</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1d</span><span class="dl">"</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="nx">accessToken</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Something went wrong</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Authentication failed</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <h2> Key Takeaways </h2> <ol> <li>Token refresh keeps users logged in seamlessly</li> <li>We save the original request to replay it after getting a new token</li> <li>The process happens automatically in the background</li> <li>Users never know their token was refreshed</li> </ol> <h2> Pro Tips </h2> <ul> <li>Always use HTTPS to protect tokens</li> <li>Implement proper error handling</li> <li>Have a backup plan if token refresh fails</li> </ul> <h2> Conclusion </h2> <p>Authentication doesn't have to be complicated. With the right approach, you can create a smooth, secure experience that keeps your users happy and your application protected.</p> <p>Happy Coding! 🚀🔐</p> javascript jwt axios react