Skip to content
/ RESTFul-API-Auth-ExpressJS-JWT-MongoDB Public

This repository contains my learning on how to authenticate user with JWT & googleapis services

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dewasemadi/RESTFul-API-Auth-ExpressJS-JWT-MongoDB

BranchesTags

Repository files navigation

Authentication & Authorization ExpressJS Using JWT

Left side is client app using next js and right side is log of express js

Login.with.Google.Account.mp4

After clone this project, create your own .env file for environment variables in root project

NODE_ENV = <your node env>

CLIENT_BASE_URL = <your client base url>
SERVER_BASE_URL = <your server base url>
MONGO_URI = <your mongo uri>

ACCESS_TOKEN_SECRET = <your access token secret>
REFRESH_TOKEN_SECRET = <your refresh token secret>

EMAIL_SENDER = <your email sender name>
AUTH_EMAIL = <your email>
AUTH_EMAIL_PASSWORD = <your email password>

GOOGLE_CLIENT_ID = <your client id>
GOOGLE_CLIENT_SECRET = <your client secret>

Tech Stack and Tools

  • Express JS
  • MongoDB & MongoDB Compass (client)
  • Postman
  • Linux (Zorin OS)

Manual Authentication Endpoints

Method Endpoints Payload Description
POST /auth/register {name, email, password} Register new user and store it into mongoDB
POST /auth/login {email, password} Authenticate user
POST /auth/reset-password-link {email} When user forgot their password, they can request reset password link and send it to gmail
POST /auth/reset-password?token={{token}} {new_password, new_password_confirmation} Generate new password
PUT /auth/change-password {old_password, new_password, new_password_confirmation} Change password when user authenticated
POST /auth/email-verification {email} When the email verification token is invalid, user can request new email verification link
GET /auth/email-verification?token={{token}} - Verify user email
GET /auth/logout - Kick user from our system
GET /auth /generate-access-token - When access token is expired, user can request a new access token using refresh token

Authentication with Gogleapis Service Endpoints

Method Endpoints Payload Description
GET /auth/google/url - Generate authorization URL
GET /auth/google/callback - Callback for retrieve authorization code
GET /auth/google - Get google information profile

Features:

  • Input validation
  • Implements access token and refresh token with JWT
  • SMTP to send token to user email for verify email and reset password
  • Login with google
  • oauth2

Software Architecture and Flow

ERD

ERD auth

Rest API Architecture

Rest API Architecture

Access Token and Refresh Token JWT Flow

access token and refresh token flow-Page-1

Login or Sign Up with Google

google oauth

Showcase Project

Screenshot from 2021-12-27 22-16-07

Screenshot from 2021-12-27 22-16-52

Screenshot from 2021-12-27 22-20-11

Screenshot from 2021-12-31 19-20-11

About

This repository contains my learning on how to authenticate user with JWT & googleapis services

Topics

jwt oauth2 mongodb expressjs jwt-authentication nodemailer jwt-auth googleapis

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages