DEV Community

Discussion on: Generating a Json Web Token

Nathan Barrett

That is correct. On the server side (Express JS side), its job is to verify the tokens being sent in the request to authorize the user. So Express JS auth middleware will most likely use jwt.verify. In your browser code, before making the request, is where jwt.sign would be used to create a token that gets put inside of the request that is verified by your Express JS API. So when the user logs in, you send them their JWT "secret". So Express JS and the user with the browser both have the secret. The user uses that secret to create JWT tokens. Express JS checks to see if that token is valid using the secret as well. I also forgot to mention that there should be another header field where they specify which account they are authorizing as. For me, I have used another header field called "Account" where their email is inserted. If you like, I could create a fork from your code base and put together a quick example with an explainer. Just let me know. Keep up the great work!!
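The flow described in the comment above, as an added example that is not part of the original post or the linked repo: the token is signed with the per-account secret, and the server picks that secret by the "Account" header before verifying. The `Authorization: Bearer` header, the in-memory `secrets` map, the `exp` check and the function names are assumptions; Node's built-in `crypto` stands in for the `jwt.sign` / `jwt.verify` calls the comment mentions.

```javascript
const crypto = require('node:crypto');

// Constructed sample data: account email -> secret handed out at login (hypothetical store).
const secrets = new Map([['alice@example.com', 'constructed-secret-for-alice']]);

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest();

// Stands in for jwt.sign on the client: HS256 over "header.payload".
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Stands in for the auth middleware: headers are lower-cased as Express presents them.
function verifyRequest(headers, now = Math.floor(Date.now() / 1000)) {
  const secret = secrets.get(headers.account);
  if (!secret) return { ok: false, reason: 'unknown account' };
  const parts = (headers.authorization || '').replace(/^Bearer /, '').split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm on the server; the token must not be allowed to choose it.
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (header?.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
    // Check the signature before trusting anything in the payload.
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return { ok: false, reason: 'bad signature' };
    }
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof payload?.exp !== 'number' || payload.exp <= now) {
      return { ok: false, reason: 'expired' };
    }
    return { ok: true, account: headers.account, payload };
  } catch {
    return { ok: false, reason: 'malformed token' };
  }
}
```
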

Margaret W.N

Okay, I'd greatly appreciate that. It's pretty confusing for me. Here is the link to the repo: github.com/M-Tee/SCAMP-Assesment