Authentication and authorization are crucial for securing modern web applications. In a Node.js application, implementing authentication ensures that only legitimate users can access the system, while authorization defines the actions users can perform based on their roles. This guide covers implementing authentication and authorization in Node.js using JSON Web Tokens (JWT) and OAuth.

Understanding Authentication vs. Authorization

Authentication: The process of verifying a user’s identity. This can be done using email/password, social logins, or third-party authentication providers.

Authorization: The process of granting access to specific resources based on user roles and permissions.

Implementing Authentication with JWT in Node.js

JWT (JSON Web Token) is a widely used method for authentication in web applications. It allows secure, stateless authentication using signed tokens.

1. Setting Up a Node.js Project

First, initialize a new Node.js project and install the required dependencies:

mkdir auth-app && cd auth-app

npm init -y

npm install express jsonwebtoken bcryptjs dotenv cors body-parser

2. Creating the Express Server

Create a file server.js and set up a basic Express server:

const express = require(‘express’);

const jwt = require(‘jsonwebtoken’);

const bcrypt = require(‘bcryptjs’);

const dotenv = require(‘dotenv’);

dotenv.config();

const app = express();

app.use(express.json());

const users = []; // Temporary user storage

app.listen(5000, () => console.log(‘Server running on port 5000’));

3. Registering Users

Create a route for user registration where passwords are hashed before storing them:

app.post(‘/register’, async (req, res) => {

const { username, password } = req.body;

const hashedPassword = await bcrypt.hash(password, 10);

users.push({ username, password: hashedPassword });

res.json({ message: ‘User registered successfully’ });

});

4. User Login and Token Generation

When users log in, validate credentials and generate a JWT token:

app.post(‘/login’, async (req, res) => {

const { username, password } = req.body;

const user = users.find(user => user.username === username);

if (!user || !(await bcrypt.compare(password, user.password))) {

return res.status(400).json({ message: ‘Invalid credentials’ });

}

const token = jwt.sign({ username }, process.env.JWT_SECRET, { expiresIn: ‘1h’ });

res.json({ token });

});

5. Protecting Routes with JWT Middleware

Secure routes by verifying the token:

const authenticateToken = (req, res, next) => {

const token = req.headers[‘authorization’];

if (!token) return res.status(401).json({ message: ‘Access denied’ });

jwt.verify(token, process.env.JWT_SECRET, (err, user) => {

if (err) return res.status(403).json({ message: ‘Invalid token’ });

req.user = user;

next();

});

};

6. Creating a Protected Route

app.get(‘/dashboard’, authenticateToken, (req, res) => {

res.json({ message: `Welcome, ${req.user.username}!` });

});

Implementing OAuth for Authentication

OAuth allows users to log in using third-party providers like Google or Facebook.

1. Installing Dependencies

npm install passport passport-google-oauth20

2. Configuring Google OAuth

const passport = require(‘passport’);

const GoogleStrategy = require(‘passport-google-oauth20’).Strategy;

passport.use(new GoogleStrategy({

clientID: process.env.GOOGLE_CLIENT_ID,

clientSecret: process.env.GOOGLE_CLIENT_SECRET,

callbackURL: ‘/auth/google/callback’

}, (accessToken, refreshToken, profile, done) => {

return done(null, profile);

}));

3. Setting Up OAuth Routes

app.get(‘/auth/google’, passport.authenticate(‘google’, { scope: [‘profile’, ’email’] }));

app.get(‘/auth/google/callback’, passport.authenticate(‘google’, {

successRedirect: ‘/dashboard’,

failureRedirect: ‘/’

}));

Conclusion

Securing a Node.js application requires both authentication and authorization. JWT is a powerful tool for stateless authentication, while OAuth enables users to log in via third-party providers. By implementing these methods, you can enhance the security and user experience of your application.

If you are looking for any services related to Website Development, App Development, Digital Marketing and SEO, just email us at nchouksey@manifestinfotech.com or Skype id: live:76bad32bff24d30d

𝐅𝐨𝐥𝐥𝐨𝐰 𝐔𝐬:

𝐋𝐢𝐧𝐤𝐞𝐝𝐢𝐧: linkedin.com/company/manifestinfotech

𝐅𝐚𝐜𝐞𝐛𝐨𝐨𝐤: facebook.com/manifestinfotech/

𝐈𝐧𝐬𝐭𝐚𝐠𝐫𝐚𝐦: instagram.com/manifestinfotech/

𝐓𝐰𝐢𝐭𝐭𝐞𝐫: twitter.com/Manifest_info

#NodeJS #Authentication #Authorization #JWT #OAuth #WebSecurity #NodeJSTutorial #WebDevelopment #BackendDevelopment #APISecurity #FullStackDevelopment #SecureLogin #TechBlog #Coding #JavaScript