This repository provides the source code for a Node.js Web API implementing JWT-based authentication and authorization. It uses Express.js as the web server framework and MongoDB for persistent data storage. More about JSON Web Tokens can be found at https://github.com/mkokor/jwt-auth-dotnet-6-api#readme.
- Registration
Users can register a new account by providing the required data.
- Authentication
Users authenticate with a username and password. On success the API issues an access token and a refresh token. The access token, which grants access to protected resources, is returned in the HTTP response body. The refresh token, which lets the client obtain a new access token without repeating the login, is stored in an HttpOnly cookie so that it cannot be read by client-side scripts. For that protection to hold, the cookie should also be marked Secure and given a SameSite attribute, so that it travels only over HTTPS and is not attached to cross-site requests.
- Authorization
The API supports defining roles and permissions for users, giving fine-grained control over which parts of the application each role may access.
- Refresh Token Rotation
To limit the damage from a leaked refresh token, the API rotates refresh tokens: every request that refreshes the access token also issues a new refresh token in place of the one presented, so a captured token is usable only until the next refresh.
Some features require a .env file to be set up.
In the application root folder, run the command below to install the required packages.

```shell
npm install
```

In the server root folder, run one of the following two commands to start the server.

```shell
node index.js
npm start
```