JWT Authentication with Access Tokens & Refresh Tokens - Node.js

JWT Authentication with Access Tokens & Refresh Tokens - Node.js

In this video, we take a deep dive into JSON Web Tokens, how to use them as access tokens, the problems with a completely stateless application, and how to solve those problems with refresh tokens.

In this video, we take a deep dive into JSON Web Tokens, how to use them as access tokens, the problems with a completely stateless application, and how to solve those problems with refresh tokens.

JSON Web Tokens are made up of 3 base64 encoded objects concatenated into a single string. The first string is the header, the second is the payload and the third is an encrypted signature.

The header portion of the token contains metadata or data about the token such as the signing algorithm and the token type.

The payload is a JSON object that you want to store in the token. There are reserved keys such as iss and exp that you can't use. You should never store sensitive information in the payload, such as passwords.

The signature is generated by encrypting the header and payload base64 strings with your private key.

If the header or payload data change, the secret will no longer match the header and payload strings, making the JWT invalid.

Access tokens are granted to users when they have proven to be who they claim to be, usually by logging in. The bearer of these tokens can make subsequent requests and provide the token as proof that they are who they claim to be.

Using JWTs as access tokens allows your system to be stateless, meaning the system does not need to have access to a stateful data source, such as a database, to verify and extract the data from the token. This is great for scaling applications but introduces a new problem.

We need to be able to force a single user to log out and make sure the user does not need to log in every few minutes.

The solution to these problems is refresh tokens.

Refresh tokens allow the system to provide short-lived access tokens. When a request is made that includes a valid access token that has not expired, access is granted for that request.

However, if the access token has expired but the request includes a valid refresh token, we can do a single trip to the database to make sure the userโ€™s session is still valid and if it is, provide them with a new access token.

In this video we are going to look into the anatomy of JSON web tokens, granding access tokens and how to use fresh tokens.

By watching the entire video you will understand the concepts that power JSON Web tokens and how to build your own secure authentication system using JSON web tokens.

๐Ÿ“š Concepts & technologies covered

  • JWT
  • Access tokens
  • Refresh tokens
  • Express.js
  • Cookies

Repository: https://github.com/TomDoesTech/JWT-Ac...

๐ŸŒŽ Subscribe: https://www.youtube.com/c/TomDoesTech/featured

jwt node node-js javascript

What is Geek Coin

What is GeekCash, Geek Token

Best Visual Studio Code Themes of 2021

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Hire Top Node JS Developers | Best Node.js Development Company India

Hire dedicated Node JS developers & programmers in India for custom full-stack NodeJS web development projects on hourly/full-time basis. Strict NDA, 16+ years exp & 2500+ clients|450+ Experts

Hire Dedicated Node.js Developers - Hire Node.js Developers

Get business-centric Node.Js development services from expert Node.JS developers. We have expertise in developing & maintaining Node JS apps as per the business requirements.

Node JS Development Company| Node JS Web Developers-SISGAIN

SISGAIN is the top rated node js development company providing professional services on node js web and mobile development.

Why use Node.js for Web Development? Benefits and Examples of Apps

Get Node.js developers & programmers, and dedicated Node coders in India with average 5 years of experience. 15+ Yrs Exp, 500+ Staff, 13800+ Projects, 6800+ Clients.

Node JS Development Company | Hire Node.js Developers

Looking to hire Node js developers? One of the top Node js development companies in India & USA offers cost-effective Node js web development services.