How to Create and Verify JWTs with Node?

In this article, we will see how to create JWT tokens in Node.js. We will implement secure authentication in Node.js by creating and verifying JSON Web Tokens (JWTs) using libraries like `jsonwebtoken`.

Prerequisites:

• Good knowledge of JavaScript.
• Basic knowledge about  Express JS.
• Basic knowledge about API Authentication.
• Basic knowledge about postman and their uses.

Steps to Implement and Verify JWT

Step 1: Firstly set up the NodeJs project. If you do not have NodeJs or NPM please refer to this article. Initiate NodeJs project with npm.

npm init -y

Step 2: After initiating the project install some dependencies. Install express, and jsonwebtoken through npm

npm install express jsonwebtoken

Step 3: Install nodemon as a dev-dependency.

npm install -d nodemon

Project Structure:

👁 Image

The updated dependencies in package.json file will look like

"dependencies": {
 "express": "^4.18.2",
 "jsonwebtoken": "^9.0.2",
 "nodemon": "^3.0.2",
}

Step 4: Add one more script in the package.json file. Open the package.json file and add one line below to the test script.

Approach

• Before create and verify the API endpoint with the help of JWT, and express firstly write some code for further use.
• After the dummy code is ready, then create a json database object and store some dummy data.
• Allow JSON data to make communicate with API. Allow the JSON data in a request by adding middleware for the body parser.
• Create a login route and create a JWT token. Here, create a login post route and create a JWT token and return it to the response., read code comments for better understanding.
• JWT sign method is used to creating a token the take are three arguments one is a response object, and the second one is a secret key and the last one is an options object for better use of the token.

jwt.sign(
 {data_obeject},
 "secret_key",
 {Options}
)

• Now we will make another route for authentication jwt token. Here, we create an authentication route and authenticate the coming JWT token.

// Verify route
app.get('/auth', (req, res) => {

 // Get token value to the json body
 const token = req.body.token;

 // If the token is present
 if(token){

 // Verify the token using jwt.verify method
 const decode = jwt.verify(token, 'secret');

 // Return response with decode data
 res.json({
 login: true,
 data: decode
 });
 }else{

 // Return response with error
 res.json({
 login: false,
 data: 'error'
 });
 }
});

• JWT verify method is used for verify the token the take two arguments one is token string value, and second one is secret key for matching the token is valid or not. The validation method returns a decode object that we stored the token in.

jwt.verify(token_value, 'secret_key');

Example: Below is the complete code of the above step by step implementation

Step to test the routes: We will use Postman to test the API routes. Firstly test the login route. Open the postman and make a post request on the '/login' route with appropriate JSON data.

Output: Send a POST request to localhost at '/login' with login data, receive a JSON response with login status and token/object data, then use the token to authenticate a GET request to '/auth'. After validation, you will get the proper data object store in the token.