Open Abhishek-TG18 opened 1 month ago
Congratulations, @Abhishek-TG18! 🎉 Thank you for creating your issue. Your contribution is greatly appreciated and we look forward to working with you to resolve the issue. Keep up the great work!
We will promptly review your changes and offer feedback. Keep up the excellent work! Kindly remember to check our contributing guidelines
Please add gsoc-ext and hacktoberfest tag
Describe the feature
The JWT Authentication feature allows secure and stateless user authentication in a Node.js backend. It works by generating a JSON Web Token (JWT) upon successful login, which is used for authenticating subsequent requests.
User Registration: When a user signs up, their credentials (like username and password) are securely stored in a MongoDB database. Passwords are encrypted using bcryptjs to ensure they are not stored in plain text.
User Login: During login, the backend verifies the user's credentials by comparing the hashed password stored in the database. Upon successful validation, the backend generates a JWT, which is signed using a secret key stored in environment variables. This JWT is sent back to the client.
Protected Routes: Certain routes in the application (such as profile information or dashboard access) are protected and can only be accessed by authenticated users. These routes require the client to pass the JWT in the Authorization header of the HTTP request. The token is then verified by the backend using the same secret key. If the token is valid, access is granted.
Token Expiry and Refresh: Tokens can be set to expire after a certain period (e.g., 1 hour) for security purposes. The client will need to log in again or use a refresh token strategy to obtain a new JWT.
JWT Structure: The JWT typically contains the user’s ID and other necessary payload data (e.g., user role) to allow the backend to authenticate and authorize access to resources. The token consists of three parts:
Header: Specifies the type of token and the signing algorithm used.
Payload: Contains claims, which include user details and metadata.
Signature: Verifies that the token hasn’t been tampered with.
Add ScreenShots
NO LOGGING IN AFTER entering credentials
Record