OAuth and JWT Tokens
Hello, in this article, I wanted to briefly mention how and why to use the Secret Access Token during the registration of the applications I worked with MERN technology stack.
Authentication is performed with a password and email when logging into applications with an authentication process. If the information is entered in compliance with the information in the database, then the process is performed successfully. After entering the user email and password information, the information from Express Server is checked in MongoDB and the accuracy of the information entered is examined.
Following the verification process, 2 types of token are created:
1-Access Token, the user must use this token to authorize it. This token is sent to the front end and kept in local storage. This Token Express Server is given on each request and the incoming token time is valid. However, the Express Server 403 (Forbidden) code for the token with its duration returns the information that the process cannot be performed.
2- Refresh Token is created for the token and the Access Token is renewed. Refresh Token is kept in the database in terms of safety and the user is deleted after release from the system.
JWT is used to produce these tokens.
JWT (Jason Web Token) consists of 3 parts; header, payload, and signature. The signature part is important here. The header takes the payload parts and holds them by coding them according to Base64. The string produced with the crypto class in Node.js is the signature.
By coming to the terminal for this,
1- node is written and the enter key is pressed,
2- require(‘crypto’).randomBytes(64).toString(‘hex’) and then press enter,
(crypto class is called here, a 64bit string is created and translated into string by to being.)
3- It is hidden by coming into the Secret .env.
These processes are important for verification. In the Authentication process, the Authorization process is sent to the Bearer Token Express Server in the Header section of the request. The token type is the bearer sent for the authorization process. The verification of this token by the server is thanks to Middleware.
Thank you for giving a time…