Authentication and Authorization in Node.js

Previously we learned how to create a JSON Web Token (JWT) from demo login data and pass it in the request header so that middleware could verify the user. Before starting this post, it's recommended to review the previous post, “Token-Based Authentication In Node.js Using JWT”. In this article we are going to learn how to perform user authentication using “Passport”, then create a JWT to verify the user's access permission on each request. We are going to use MSSQL Server for database operations. Previously we tested the sample application using Postman; in this post we are going to configure Handlebars as the view engine to prepare a user interface for user operations.

Detail Post:

Token-Based Authentication In Node.js Using JWT

In this post we are going to learn about JSON Web Tokens (JWT) and how to create a token on user authentication to secure NodeJS APIs. We are going to create a new sample application using Express-generator, then modify the application to create a token using JWT to verify user access for the APIs. Let's start with an overview of authentication.

Detail Post:

Getting Started with ExpressJS

In this post we are going to get started with ExpressJS, covering environment setup and package management, as well as its versioning, advantages, and disadvantages.

Later we are going to learn how to use a tool like Express-Generator to quickly create an application from the command line; after that we are going to explore the architecture of the created application.

Detail Post:

Learn About API Authorization In Node.js

In this post we are going to secure our NodeJS APIs with a customized security token generated from the logged-in user and HTTP actions.

How it Works:

Let’s take a quick look at how this is going to work.

  1. Generate a customized token for each HTTP request.
  2. Pass it through the request header (x-access-token).
  3. The server extracts the token from each request.
  4. The server verifies the custom token by regenerating it.
  5. If the token matches, the system checks the user's permission in the database.
  6. Otherwise the system responds with a status code of 403/404.
