JWT ( JSON Web Token )
JSON Web Token (JWT) is a standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. The compact size makes the tokens easy to transfer through an URL, POST parameter, or inside an HTTP header. The information in a JWT is digitally signed using a secret or public/private key pair.
JWTs can be signed using a secret or a public/private key pair.
JWTs are mainly used for authentication. After a user signs in to an application, the application then assigns JWT to that user. Subsequent requests by the user will include the assigned JWT. This token tells the server what routes, services, and resources the user is allowed to access.
Advantages of Node.js authentication with JWT
Node.js authentication with JWT has several advantages over the traditional authentication process, primarily the scalability of stateless applications. And since it’s becoming popular among such heavyweights as Facebook and Google, it’s adoption across the industry likely will continue to grow.
Other advantages include:
- Simple verification through a JSON Web Token
- You can use an authentication service or outsource it
- Provides more trustworthiness than cookies or sessions
The Need for JSON Web Token
There are several reasons why applications use JSON Web Tokens for authentication:
- JWT is an excellent choice to be passed in HTML and HTTP environments due to its smaller footprint when compared to other types of tokens.
- JSON Web Tokens can be signed using a shared secret and also by using public/private key pairs.
- It is easier to work with JWT as JSON parsers are standard in most programming languages.
- JWT is also suitable for implementing authorization in large-scale web applications.
ExpressJs
Express is a flexible Node.js web application framework that provides a wide set of features to develop both web and mobile applications.
Express.js makes it much easier and simpler to build a web server with the use of middleware, which can handle requests and responses.
Features of Express.js
The main features of Express.js include:
- The capability to design single-page, multi-page, and hybrid web applications.
- Options for setting up middleware to respond to HTTP requests.
- It defines a routing table that is used to perform different actions based on the HTTP method and URL.
- Enables users to dynamically render HTML pages based on passing arguments to templates.
A basic “Hello Express” example in node.js express
open terminal and create folder
mkdir start-express
inside the folder command
npm init -y
npm install express -save
create file index.js and inside code here
const express = require ("epress");
const app = express( );
const port = process.env.port || 3000;
app.get('/',(req,res)=>{
re.send("Hello Express")
});
app.listen (port,( )=>{
console.log (“listening to port”,port);
});
The request object represents the HTTP request and contains properties for the request query string, parameters, body, HTTP headers, and so on.
The response object represents the HTTP response that an Express app sends when it receives an HTTP request.
*Process : *
- Implementing a callback function with parameters ‘request’ and ‘response’
- The application will listen on the defined port, which in this case is “3000,” and variables ‘port’ will contain the address and the port respectively
- Lastly, the console.log statement shows the address and port in the command prompt or terminal
Displaying output in browser :
Hello Express
Mongoose
Mongoose is an Object Document Mapper (ODM). This means that Mongoose allows you to define objects with a strongly-typed schema that is mapped to a MongoDB document.
Mongoose provides an incredible amount of functionality around creating and working with schemas. Mongoose currently contains eight SchemaTypes that a property is saved as when it is persisted to MongoDB. They are:
- String
- Number
- Date
- Buffer
- Boolean
- Mixed
- ObjectId
- Array
Each data type allows you to specify:
- a default value.
- a custom validation function.
- indicate a field is required.
- a get function that allows you to manipulate the data before it is returned as an object.
- a set function that allows you to manipulate the data before it is saved to the database.
- create indexes to allow data to be fetched faster.
Further to these common options, certain data types allow you to further customize how the data is stored and retrieved from the database. For example, a String data type also allows you to specify the following additional options:
- convert it to lowercase.
- convert it to uppercase.
- trim data prior to saving.
- a regular expression that can limit data allowed to be saved during the validation process.
- an enum that can define a list of strings that are valid.
Latest comments (0)