How to build Vue.js JWT Authentication with Vuex and Vue Router
In this tutorial, we’re gonna build a Vue.js with Vuex and Vue Router Application that supports JWT Authentication
In this tutorial, we’re gonna build a Vue.js with Vuex and Vue Router Application that supports JWT Authentication. I will show you:
- JWT Authentication Flow for User Signup & User Login
- Project Structure for Vue.js Authentication with Vuex & Vue Router
- How to define Vuex Authentication module
- Creating Vue Authentication Components with Vuex Store & VeeValidate
- Vue Components for accessing protected Resources
- How to add a dynamic Navigation Bar to Vue App
Let’s explore together.
Contents
- Overview of Vue JWT Authentication example
- Flow for User Registration and User Login
- Vue App Component Diagram with Vuex & Vue Router
- Technology
- Project Structure
- Setup Vue App modules
- Create Services
- Define Vuex Authentication module
- Create Vue Authentication Components
- Create Vue Components for accessing Resources
- Define Routes for Vue Router
- Add Navigation Bar to Vue App
- Handle Unauthorized Access
- Conclusion
Overview of Vue JWT Authentication example
We will build a Vue application in that:
- There are Login/Logout, Signup pages.
- Form data will be validated by front-end before being sent to back-end.
- Depending on User’s roles (admin, moderator, user), Navigation Bar changes its items automatically.
Screenshots
– Signup Page:
– Login Page & Profile Page (for successful Login):
– Navigation Bar for Admin account:
Demo
This is full Vue JWT Authentication App demo (with form validation, check signup username/email duplicates, test authorization with 3 roles: Admin, Moderator, User). In the video, we use Spring Boot for back-end REST APIs.
Flow for User Registration and User Login
For JWT Authentication, we’re gonna call 2 endpoints:
- POST
api/auth/signupfor User Registration - POST
api/auth/signinfor User Login
You can take a look at following flow to have an overview of Requests and Responses Vue Client will make or receive.
Vue Client must add a JWT to HTTP Authorization Header before sending request to protected resources.
Vue App Component Diagram with Vuex & Vue Router
Now look at the diagram below.
Let’s think about it.
– The App component is a container with Router. It gets app state from Vuex store/auth. Then the navbar now can display based on the state. App component also passes state to its child components.
– Login & Register components have form for submission data (with support of vee-validate). We call Vuex store dispatch() function to make login/register actions.
– Our Vuex actions call auth.service methods which use axios to make HTTP requests. We also store or get JWT from Browser Local Storage inside these methods.
– Home component is public for all visitor.
– Profile component get user data from its parent component and display user information.
– BoardUser, BoardModerator, BoardAdmin components will be displayed by Vuex state user.roles. In these components, we use user.service to get protected resources from API.
– user.service uses auth-header() helper function to add JWT to HTTP Authorization header. auth-header() returns an object containing the JWT of the currently logged in user from Local Storage.
Technology
We will use these modules:
- vue: 2.6.10
- vue-router: 3.0.3
- vuex: 3.0.1
- axios: 0.19.0
- vee-validate: 2.2.15
- bootstrap: 4.3.1
- vue-fontawesome: 0.1.7
Project Structure
This is folders & files structure for our Vue application:
With the explaination in diagram above, you can understand the project structure easily.
Setup Vue App modules
Run following command to install neccessary modules:
npm install vue-router
npm install vuex
npm install [email protected]
npm install axios
npm install bootstrap jquery popper.js
npm install @fortawesome/fontawesome-svg-core @fortawesome/free-solid-svg-icons @fortawesome/vue-fontawesome
After the installation is done, you can check dependencies in package.json file.
"dependencies": {
"@fortawesome/fontawesome-svg-core": "^1.2.25",
"@fortawesome/free-solid-svg-icons": "^5.11.2",
"@fortawesome/vue-fontawesome": "^0.1.7",
"axios": "^0.19.0",
"bootstrap": "^4.3.1",
"core-js": "^2.6.5",
"jquery": "^3.4.1",
"popper.js": "^1.15.0",
"vee-validate": "^2.2.15",
"vue": "^2.6.10",
"vue-router": "^3.0.3",
"vuex": "^3.0.1"
},
Open src/main.js, add code below:
import Vue from 'vue';
import App from './App.vue';
import { router } from './router';
import store from './store';
import 'bootstrap';
import 'bootstrap/dist/css/bootstrap.min.css';
import VeeValidate from 'vee-validate';
import { library } from '@fortawesome/fontawesome-svg-core';
import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome';
import {
faHome,
faUser,
faUserPlus,
faSignInAlt,
faSignOutAlt
} from '@fortawesome/free-solid-svg-icons';
library.add(faHome, faUser, faUserPlus, faSignInAlt, faSignOutAlt);
Vue.config.productionTip = false;
Vue.use(VeeValidate);
Vue.component('font-awesome-icon', FontAwesomeIcon);
new Vue({
router,
store,
render: h => h(App)
}).$mount('#app');
You can see that we import and apply in Vue object:
– store for Vuex (implemented later in src/store)
– router for Vue Router (implemented later in src/router.js)
– bootstrap with CSS
– vee-validate
– vue-fontawesome for icons (used later in nav)
Create Services
We create two services in src/services folder:
services
auth-header.js
auth.service.js (Authentication service)
user.service.js (Data service)
Authentication service
The service provides three important methods with the help of axios for HTTP requests & reponses:
login(): POST {username, password} & saveJWTto Local Storagelogout(): removeJWTfrom Local Storageregister(): POST {username, email, password}
import axios from 'axios';
const API_URL = 'http://localhost:8080/api/auth/';
class AuthService {
login(user) {
return axios
.post(API_URL + 'signin', {
username: user.username,
password: user.password
})
.then(this.handleResponse)
.then(response => {
if (response.data.accessToken) {
localStorage.setItem('user', JSON.stringify(response.data));
}
return response.data;
});
}
logout() {
localStorage.removeItem('user');
}
register(user) {
return axios.post(API_URL + 'signup', {
username: user.username,
email: user.email,
password: user.password
});
}
handleResponse(response) {
if (response.status === 401) {
this.logout();
location.reload(true);
const error = response.data && response.data.message;
return Promise.reject(error);
}
return Promise.resolve(response);
}
}
export default new AuthService();
If login request returns 401 status (Unauthorized), that means, JWT was expired or no longer valid, we will logout the user (remove JWT from Local Storage).
Data service
We also have methods for retrieving data from server. In the case we access protected resources, the HTTP request needs Authorization header.
Let’s create a helper function called authHeader() inside auth-header.js:
export default function authHeader() {
let user = JSON.parse(localStorage.getItem('user'));
if (user && user.accessToken) {
return { Authorization: 'Bearer ' + user.accessToken };
} else {
return {};
}
}
It checks Local Storage for user item.
If there is a logged in user with accessToken (JWT), return HTTP Authorization header. Otherwise, return an empty object.
Now we define a service for accessing data in user.service.js:
import axios from 'axios';
import authHeader from './auth-header';
const API_URL = 'http://localhost:8080/api/test/';
class UserService {
getPublicContent() {
return axios.get(API_URL + 'all');
}
getUserBoard() {
return axios.get(API_URL + 'user', { headers: authHeader() });
}
getModeratorBoard() {
return axios.get(API_URL + 'mod', { headers: authHeader() });
}
getAdminBoard() {
return axios.get(API_URL + 'admin', { headers: authHeader() });
}
}
export default new UserService();
You can see that we add a HTTP header with the help of authHeader() function when requesting authorized resource.
Define Vuex Authentication module
We put Vuex module for authentication in src/store folder.
store
auth.module.js (authentication module)
index.js (Vuex Store that contains also modules)
Now open index.js file, import auth.module to main Vuex Store here.
import Vue from 'vue';
import Vuex from 'vuex';
import { auth } from './auth.module';
Vue.use(Vuex);
export default new Vuex.Store({
modules: {
auth
}
});
Then we start to define Vuex Authentication module that contains:
- state: { status, user }
- actions: { login, logout, register }
- mutations: { loginSuccess, loginFailure, logout, registerSuccess, registerFailure }
We use AuthService which is defined above to make authentication requests.
auth.module.js
import AuthService from '../services/auth.service';
const user = JSON.parse(localStorage.getItem('user'));
const initialState = user
? { status: { loggedIn: true }, user }
: { status: {}, user: null };
export const auth = {
namespaced: true,
state: initialState,
actions: {
login({ commit }, user) {
return AuthService.login(user).then(
user => {
commit('loginSuccess', user);
return Promise.resolve(user);
},
error => {
commit('loginFailure');
return Promise.reject(error.response.data);
}
);
},
logout({ commit }) {
AuthService.logout();
commit('logout');
},
register({ commit }, user) {
return AuthService.register(user).then(
response => {
commit('registerSuccess');
return Promise.resolve(response.data);
},
error => {
commit('registerFailure');
return Promise.reject(error.response.data);
}
);
}
},
mutations: {
loginSuccess(state, user) {
state.status = { loggedIn: true };
state.user = user;
},
loginFailure(state) {
state.status = {};
state.user = null;
},
logout(state) {
state.status = {};
state.user = null;
},
registerSuccess(state) {
state.status = {};
},
registerFailure(state) {
state.status = {};
}
}
};
You can find more details about Vuex at Vuex Guide.
Create Vue Authentication Components
Define User model
To make code clear and easy to read, we define the User model first.
Under src/models folder, create user.js like this.
export default class User {
constructor(username, email, password) {
this.username = username;
this.email = email;
this.password = password;
}
}
Let’s continue with Authentication Components.
Instead of using axios or AuthService directly, these Components should work with Vuex Store:
– getting status with this.$store.state.auth
– making request by dispatching an action: this.$store.dispatch()
views
Login.vue
Register.vue
Profile.vue
Vue Login Page
In src/views folder, create Login.vue file with following code:
<template>
<div class="col-md-12">
<div class="card card-container">
<img
id="profile-img"
src="//ssl.gstatic.com/accounts/ui/avatar_2x.png"
class="profile-img-card"
/>
<form name="form" @submit.prevent="handleLogin">
<div class="form-group">
<label for="username">Username</label>
<input
type="text"
class="form-control"
name="username"
v-model="user.username"
v-validate="'required'"
/>
<div
class="alert alert-danger"
role="alert"
v-if="errors.has('username')"
>Username is required!</div>
</div>
<div class="form-group">
<label for="password">Password</label>
<input
type="password"
class="form-control"
name="password"
v-model="user.password"
v-validate="'required'"
/>
<div
class="alert alert-danger"
role="alert"
v-if="errors.has('password')"
>Password is required!</div>
</div>
<div class="form-group">
<button class="btn btn-primary btn-block" :disabled="loading">
<span class="spinner-border spinner-border-sm" v-show="loading"></span>
<span>Login</span>
</button>
</div>
<div class="form-group">
<div class="alert alert-danger" role="alert" v-if="message">{{message}}</div>
</div>
</form>
</div>
</div>
</template>
<script>
import User from '../models/user';
export default {
name: 'login',
computed: {
loggedIn() {
return this.$store.state.auth.status.loggedIn;
}
},
data() {
return {
user: new User('', ''),
loading: false,
message: ''
};
},
mounted() {
if (this.loggedIn) {
this.$router.push('/profile');
}
},
methods: {
handleLogin() {
this.loading = true;
this.$validator.validateAll();
if (this.errors.any()) {
this.loading = false;
return;
}
if (this.user.username && this.user.password) {
this.$store.dispatch('auth/login', this.user).then(
() => {
this.$router.push('/profile');
},
error => {
this.loading = false;
this.message = error.message;
}
);
}
}
}
};
</script>
<style scoped>
label {
display: block;
margin-top: 10px;
}
.card-container.card {
max-width: 350px !important;
padding: 40px 40px;
}
.card {
background-color: #f7f7f7;
padding: 20px 25px 30px;
margin: 0 auto 25px;
margin-top: 50px;
-moz-border-radius: 2px;
-webkit-border-radius: 2px;
border-radius: 2px;
-moz-box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
-webkit-box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
}
.profile-img-card {
width: 96px;
height: 96px;
margin: 0 auto 10px;
display: block;
-moz-border-radius: 50%;
-webkit-border-radius: 50%;
border-radius: 50%;
}
</style>
This page has a Form with username & password. We use [VeeValidate 2.x](http://<a href=) to validate input before submitting the form. If there is an invalid field, we show the error message.
We check user logged in status using Vuex Store: this.$store.state.auth.status.loggedIn. If the status is true, we use Vue Router to direct user to Profile Page:
created() {
if (this.loggedIn) {
this.$router.push('/profile');
}
},
In the handleLogin() function, we dispatch 'auth/login' Action to Vuex Store. If the login is successful, go to Profile Page, otherwise, show error message.
Vue Register Page
This page is similar to Login Page.
For form validation, we have some more details:
username: required|min:3|max:20email: required|email|max:50password: required|min:6|max:40
For form submission, we dispatch 'auth/register' Vuex Action.
src/views/Register.vue
<template>
<div class="col-md-12">
<div class="card card-container">
<img
id="profile-img"
src="//ssl.gstatic.com/accounts/ui/avatar_2x.png"
class="profile-img-card"
/>
<form name="form" @submit.prevent="handleRegister">
<div v-if="!successful">
<div class="form-group">
<label for="username">Username</label>
<input
type="text"
class="form-control"
name="username"
v-model="user.username"
v-validate="'required|min:3|max:20'"
/>
<div
class="alert-danger"
v-if="submitted && errors.has('username')"
>{{errors.first('username')}}</div>
</div>
<div class="form-group">
<label for="email">Email</label>
<input
type="email"
class="form-control"
name="email"
v-model="user.email"
v-validate="'required|email|max:50'"
/>
<div
class="alert-danger"
v-if="submitted && errors.has('email')"
>{{errors.first('email')}}</div>
</div>
<div class="form-group">
<label for="password">Password</label>
<input
type="password"
class="form-control"
name="password"
v-model="user.password"
v-validate="'required|min:6|max:40'"
/>
<div
class="alert-danger"
v-if="submitted && errors.has('password')"
>{{errors.first('password')}}</div>
</div>
<div class="form-group">
<button class="btn btn-primary btn-block">Sign Up</button>
</div>
</div>
</form>
<div
class="alert"
:class="successful ? 'alert-success' : 'alert-danger'"
v-if="message"
>{{message}}</div>
</div>
</div>
</template>
<script>
import User from '../models/user';
export default {
name: 'register',
computed: {
loggedIn() {
return this.$store.state.auth.status.loggedIn;
}
},
data() {
return {
user: new User('', '', ''),
submitted: false,
successful: false,
message: ''
};
},
mounted() {
if (this.loggedIn) {
this.$router.push('/profile');
}
},
methods: {
handleRegister() {
this.message = '';
this.submitted = true;
this.$validator.validate().then(valid => {
if (valid) {
this.$store.dispatch('auth/register', this.user).then(
data => {
this.message = data.message;
this.successful = true;
},
error => {
this.message = error.message;
this.successful = false;
}
);
}
});
}
}
};
</script>
<style scoped>
label {
display: block;
margin-top: 10px;
}
.card-container.card {
max-width: 350px !important;
padding: 40px 40px;
}
.card {
background-color: #f7f7f7;
padding: 20px 25px 30px;
margin: 0 auto 25px;
margin-top: 50px;
-moz-border-radius: 2px;
-webkit-border-radius: 2px;
border-radius: 2px;
-moz-box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
-webkit-box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
}
.profile-img-card {
width: 96px;
height: 96px;
margin: 0 auto 10px;
display: block;
-moz-border-radius: 50%;
-webkit-border-radius: 50%;
border-radius: 50%;
}
</style>
Profile Page
This page gets current User from Vuex Store and show information. If the User is not logged in, it directs to Login Page.
src/views/Profile.vue
<template>
<div class="container">
<header class="jumbotron">
<h3>
<strong>{{currentUser.username}}</strong> Profile
</h3>
</header>
<p>
<strong>Token:</strong>
{{currentUser.accessToken.substring(0, 20)}} ... {{currentUser.accessToken.substr(currentUser.accessToken.length - 20)}}
</p>
<p>
<strong>Id:</strong>
{{currentUser.id}}
</p>
<p>
<strong>Email:</strong>
{{currentUser.email}}
</p>
<strong>Authorities:</strong>
<ul>
<li v-for="(role,index) in currentUser.roles" :key="index">{{role}}</li>
</ul>
</div>
</template>
<script>
export default {
name: 'profile',
computed: {
currentUser() {
return this.$store.state.auth.user;
}
},
mounted() {
if (!this.currentUser) {
this.$router.push('/login');
}
}
};
</script>
Create Vue Components for accessing Resources
These components will use UserService to request data.
views
Home.vue
BoardAdmin.vue
BoardModerator.vue
BoardUser.vue
Home Page
This is a public page.
src/views/Home.vue
<template>
<div class="container">
<header class="jumbotron">
<h3>{{content}}</h3>
</header>
</div>
</template>
<script>
import UserService from '../services/user.service';
export default {
name: 'home',
data() {
return {
content: ''
};
},
mounted() {
UserService.getPublicContent().then(
response => {
this.content = response.data;
},
error => {
this.content = error.response.data.message;
}
);
}
};
</script>
Role-based Pages
We have 3 pages for accessing protected data:
- BoardUser page calls
UserService.getUserBoard() - BoardModerator page calls
UserService.getModeratorBoard() - BoardAdmin page calls
UserService.getAdminBoard()
This is an example, other Page are similar to this Page.
src/views/BoardUser.vue
<template>
<div class="container">
<header class="jumbotron">
<h3>{{content}}</h3>
</header>
</div>
</template>
<script>
import UserService from '../services/user.service';
export default {
name: 'user',
data() {
return {
content: ''
};
},
mounted() {
UserService.getUserBoard().then(
response => {
this.content = response.data;
},
error => {
this.content = error.response.data.message;
}
);
}
};
</script>
Define Routes for Vue Router
Now we define all routes for our Vue Application.
src/router.js
import Vue from 'vue';
import Router from 'vue-router';
import Home from './views/Home.vue';
import Login from './views/Login.vue';
import Register from './views/Register.vue';
Vue.use(Router);
export const router = new Router({
mode: 'history',
routes: [
{
path: '/',
name: 'home',
component: Home
},
{
path: '/home',
component: Home
},
{
path: '/login',
component: Login
},
{
path: '/register',
component: Register
},
{
path: '/profile',
name: 'profile',
// lazy-loaded
component: () => import('./views/Profile.vue')
},
{
path: '/admin',
name: 'admin',
// lazy-loaded
component: () => import('./views/BoardAdmin.vue')
},
{
path: '/mod',
name: 'moderator',
// lazy-loaded
component: () => import('./views/BoardModerator.vue')
},
{
path: '/user',
name: 'user',
// lazy-loaded
component: () => import('./views/BoardUser.vue')
}
]
});
Add Navigation Bar to Vue App
This is the root container for our application that contains navigation bar. We will add router-view here.
src/App.vue
<template>
<div id="app">
<nav class="navbar navbar-expand navbar-dark bg-dark">
<a href="#" class="navbar-brand">bezKoder</a>
<div class="navbar-nav mr-auto">
<li class="nav-item">
<a href="/home" class="nav-link">
<font-awesome-icon icon="home" /> Home
</a>
</li>
<li class="nav-item" v-if="showAdminBoard">
<a href="/admin" class="nav-link">Admin Board</a>
</li>
<li class="nav-item" v-if="showModeratorBoard">
<a href="/mod" class="nav-link">Moderator Board</a>
</li>
<li class="nav-item">
<a href="/user" class="nav-link" v-if="currentUser">User</a>
</li>
</div>
<div class="navbar-nav ml-auto" v-if="!currentUser">
<li class="nav-item">
<a href="/register" class="nav-link">
<font-awesome-icon icon="user-plus" /> Sign Up
</a>
</li>
<li class="nav-item">
<a href="/login" class="nav-link">
<font-awesome-icon icon="sign-in-alt" /> Login
</a>
</li>
</div>
<div class="navbar-nav ml-auto" v-if="currentUser">
<li class="nav-item">
<a href="/profile" class="nav-link">
<font-awesome-icon icon="user" />
{{currentUser.username}}
</a>
</li>
<li class="nav-item">
<a href class="nav-link" @click="logOut">
<font-awesome-icon icon="sign-out-alt" /> LogOut
</a>
</li>
</div>
</nav>
<div class="container">
<router-view />
</div>
</div>
</template>
<script>
export default {
computed: {
currentUser() {
return this.$store.state.auth.user;
},
showAdminBoard() {
if (this.currentUser) {
return this.currentUser.roles.includes('ROLE_ADMIN');
}
return false;
},
showModeratorBoard() {
if (this.currentUser) {
return this.currentUser.roles.includes('ROLE_MODERATOR');
}
return false;
}
},
methods: {
logOut() {
this.$store.dispatch('auth/logout');
this.$router.push('/login');
}
}
};
</script>
Our navbar looks more professional when using font-awesome-icon.
We also make the navbar dynamically change by current User’s roles which are retrieved from Vuex Store state.
Handle Unauthorized Access
If you want to check Authorized status everytime a navigating action is trigger, just add router.beforeEach() at the end of src/router.js like this:
router.beforeEach((to, from, next) => {
const publicPages = ['/login', '/home'];
const authRequired = !publicPages.includes(to.path);
const loggedIn = localStorage.getItem('user');
// try to access a restricted page + not logged in
if (authRequired && !loggedIn) {
return next('/login');
}
next();
});
Conclusion
Congratulation!
Today we’ve done so many interesting things. I hope you understand the overall layers of our Vue application, and apply it in your project at ease. Now you can build a front-end app that supports JWT Authentication with Vue.js, Vuex and Vue Router.
Happy learning, see you again!
Angular 9 Tutorial: Learn to Build a CRUD Angular App Quickly
What's new in Bootstrap 5 and when Bootstrap 5 release date?
Brave, Chrome, Firefox, Opera or Edge: Which is Better and Faster?
How to Build Progressive Web Apps (PWA) using Angular 9
What is new features in Javascript ES2020 ECMAScript 2020
Performance Boost Using Highcharts.js and Vue.js
How to Maintain Performance with Big Datasets Using Highcharts. js and Vue. Sometimes you just need to show big datasets in your project. However, the library that you've used so far, as soon as you start to add data, becomes clunky and slow.
What are the differences between the various JavaScript frameworks? E.g. Vue.js, Angular.js, React.js
What are the differences? Do they each have specific use contexts?