authServer.js JWT Example
create a function to generate an access token and add expiration date to it (usually 10-15 mins)
create a refresh token and return it to the user inside the login route
create a new post route to issue new access tokens
check to make sure the token was sent in the body of the request
check to see if the token has already been issued
verify that the token is valid and, if it is, generate a new access token
create a route to delete refresh tokens
upon logout delete user refresh token from database
// Load .env into process.env first, so the token secrets are available
// to every handler that reads them.
const dotenv = require('dotenv');
dotenv.config();
const express = require('express');
const jwt = require('jsonwebtoken');

const app = express();
// Parse JSON request bodies so the routes below can read req.body.
app.use(express.json());
// In-memory list of refresh tokens issued by /login and not yet revoked by
// /logout. It is reassigned on logout (hence `let`) and is lost on restart.
let refreshTokens = [];
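// POST /login — issues an access token and a refresh token for a username.
app.post('/login', (req, res) => {
  // TODO: Authenticate user — the example signs tokens for any username in the
  // body without checking a credential; a real login must verify one here.
  const username = req.body.username;
  // Reject a missing or non-string username instead of signing a token whose
  // `name` claim is undefined (the original signed whatever arrived).
  if (typeof username !== 'string' || username.length === 0) {
    return res.sendStatus(400);
  }
  // Only the fields placed here become claims in both tokens.
  const user = { name: username };
  const accessToken = generateAccessToken(user);
  // Signed with a separate secret and, in this example, with no expiry: it
  // stays usable until /logout removes it from `refreshTokens`.
  const refreshToken = jwt.sign(user, process.env.REFRESH_TOKEN_SECRET);
  refreshTokens.push(refreshToken);
  return res.json({ accessToken: accessToken, refreshToken: refreshToken });
});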
// POST /logout — revokes the submitted refresh token.
app.post('/logout', (req, res) => {
  // Drop the submitted token from the in-memory list. A token that was never
  // issued (or is missing from the body) matches nothing and still gets 204.
  const submitted = req.body.token;
  refreshTokens = refreshTokens.filter((known) => known !== submitted);
  res.sendStatus(204);
});
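// POST /token — exchanges a valid, still-issued refresh token for a new
// access token. Responds 401 when no token was sent, 403 when it is unknown
// or fails signature verification.
app.post('/token', (req, res) => {
  const refreshToken = req.body.token;
  // A missing body field is `undefined`, not `null`, so the original
  // `=== null` check never fired and a missing token fell through to 403.
  // Checking the type also keeps non-string values away from includes()/verify().
  if (typeof refreshToken !== 'string') return res.sendStatus(401);
  // Only tokens issued by /login and not yet revoked by /logout are accepted.
  if (!refreshTokens.includes(refreshToken)) return res.sendStatus(403);
  jwt.verify(refreshToken, process.env.REFRESH_TOKEN_SECRET, (err, user) => {
    if (err) return res.sendStatus(403);
    // Rebuild the claims explicitly rather than re-signing the decoded payload,
    // so claims such as `iat` from the refresh token are not copied over.
    const accessToken = generateAccessToken({ name: user.name });
    res.json({ accessToken: accessToken });
  });
});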
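/**
 * Sign a short-lived access token for `user`.
 *
 * @param {object} user - claims to embed (e.g. `{ name }`); becomes the JWT payload
 * @param {string|number} [expiresIn='15s'] - lifetime handed to jwt.sign. The
 *   15-second default is a demo value; the notes on this page suggest 10-15
 *   minutes for real use. Callers that omit it get the original behaviour.
 * @returns {string} the signed JWT
 */
function generateAccessToken(user, expiresIn = '15s') {
  return jwt.sign(user, process.env.ACCESS_TOKEN_SECRET, { expiresIn: expiresIn });
}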
// Start the auth server on a fixed local port.
const PORT = 4000;
app.listen(PORT);