JWT Authentication | Node JS and Express tutorials for Beginners
Dave Gray

Published on Oct 5, 2021

Web Dev Roadmap for Beginners (Free!): https://bit.ly/DaveGrayWebDevRoadmap

Learn how to apply JWT Authentication to your Node JS and Express REST API routes in the most secure way possible to avoid XSS and CSRF attacks. This beginner's tutorial will help you apply JSON Web Tokens to your REST API built with Node.js and Express.

🚩 Subscribe ➜ https://bit.ly/3nGHmNn

🚀 This tutorial is part of a Node.js & Express for Beginners tutorial series playlist:
   • Node.js Tutorials for Beginners  

🔗 Starter Source Code: https://github.com/gitdagray/user_auth

🔗 Completed Source Code: https://github.com/gitdagray/express_jwt

(00:00) Intro
(00:05) Welcome
(00:21) JWT Authentication
(03:23) Set up
(03:36) Installing new dependencies
(04:29) Creating environment variables
(07:21) Creating JWT tokens at authorization
(18:14) Creating JWT verification middleware
(21:47) Applying JWT token verification to specific routes
(24:53) Applying JWT token verification to many routes
(28:18) Adding cookie-parser middleware
(29:46) Creating a refresh token controller
(36:03) Creating the refresh route
(36:46) Adding the refresh route to the server
(37:37) Testing the refresh route
(40:03) Creating a logout controller
(48:36) Creating the logout route
(49:26) Adding the logout route to the server
(49:43) A Quick Debug
(50:13) Testing the logout route
(52:43) Frontend: fetch needs the credentials option
(53:29) Backend: CORS needs Access-Control-Allow-Credentials
(56:18) Chrome requires specific cookie options

📚 JWT References:
Intro to JSON Web Tokens: https://jwt.io/introduction
All You Need to Know About Storing JWT in the Frontend: https://dev.to/cotter/localstorage-vs...
NPM jsonwebtoken package: https://www.npmjs.com/package/jsonweb...
NPM cookie-parser package: https://www.npmjs.com/package/cookie-...
Deleting Cookies: http://expressjs.com/en/api.html#res....
Cross-Site Scripting (XSS): https://owasp.org/www-community/attac...
Cross-Site Request Forgery (CSRF): https://owasp.org/www-community/attac...
REST Security Cheat Sheet: https://cheatsheetseries.owasp.org/ch...

📚 Login References:
Bcrypt: https://www.npmjs.com/package/bcrypt
How to Safely Store a Password: https://codahale.com/how-to-safely-st...
MDN: HTTP Response Status Codes: https://developer.mozilla.org/en-US/d...

📚 More References:
Node.js Official site: https://nodejs.org
NPM Official site: https://www.npmjs.com/
Express JS Official site: https://expressjs.com/
MDN CORS: https://developer.mozilla.org/en-US/d...
NPM CORS: https://www.npmjs.com/package/cors

✅ Follow Me:
Twitter: / yesdavidgray
LinkedIn: / davidagray
Blog: https://yesdavidgray.com
Reddit: / daveoneleven

Was this tutorial about JWT authentication with Node.js and Express JS helpful? If so, please share. Let me know your thoughts in the comments.

#jwt #authentication #node