JSON Web Tokens (JWT) are a widely-used method for securely transmitting information between parties as a JSON object. In Node.js applications, JWT is commonly used for user authentication and authorization. This guide will walk you through implementing JWT authentication in a Node.js application step by step.
JWT allows you to create stateless authentication systems, meaning the server does not need to store session information. It’s secure, scalable, and works seamlessly with APIs. By using JWT, you can protect routes, verify users, and ensure secure communication between client and server.
First, create a new project folder and initialize it:
.webp "send-email")
mkdir jwt-auth-demo
cd jwt-auth-demo
npm init -yInstall the necessary packages:
npm install express jsonwebtoken bcryptjs body-parser– express – For creating the server.
– jsonwebtoken – For generating and verifying JWTs.
– bcryptjs – For hashing passwords.
– body-parser – For parsing incoming request bodies.
Create a file server.js:
const express = require('express');
const bodyParser = require('body-parser');
const app = express();
app.use(bodyParser.json());
app.get('/', (req, res) => {
res.send('JWT Authentication Demo');
});
app.listen(3000, () => {
console.log('Server running on http://localhost:3000');
});In a real application, you’d store users in a database. For simplicity, we’ll use an in-memory array:
const users = [];
const bcrypt = require('bcryptjs');
app.post('/register', async (req, res) => {
const { username, password } = req.body;
const hashedPassword = await bcrypt.hash(password, 10);
users.push({ username, password: hashedPassword });
res.send('User registered successfully!');
});This hashes the user’s password before storing it, ensuring security.
const jwt = require('jsonwebtoken');
app.post('/login', async (req, res) => {
const { username, password } = req.body;
const user = users.find(u => u.username === username);
if (!user) return res.status(400).send('User not found');
const isMatch = await bcrypt.compare(password, user.password);
if (!isMatch) return res.status(400).send('Invalid credentials');
const token = jwt.sign({ username: user.username }, 'your-secret-key', { expiresIn: '1h' });
res.json({ token });
});This generates a JWT token that expires in 1 hour.
const authenticate = (req, res, next) => {
const token = req.header('Authorization')?.replace('Bearer ', '');
if (!token) return res.status(401).send('Access denied');
try {
const verified = jwt.verify(token, 'your-secret-key');
req.user = verified;
next();
} catch (err) {
res.status(400).send('Invalid token');
}
};
app.get('/protected', authenticate, (req, res) => {
res.send('This is a protected route. Welcome ' + req.user.username);
});Now, only users with a valid JWT can access the protected route.
Implementing JWT authentication allows you to create secure, stateless authentication for your Node.js applications. This approach can be extended to APIs, microservices, and frontend-backend integrations, giving you full control over user access and authorization.
JWT authentication in Node.js is powerful and straightforward. By following these steps—setting up the project, registering users, generating tokens, and protecting routes—you can secure your application efficiently. Once comfortable, you can integrate databases, refresh tokens, and more advanced authentication features to build robust and scalable applications.
Beyond the Battlefield: Architecting Your Web App with Optimal SSR or CSR Rendering
Beyond the Battlefield: Architecting Your Web App with Optimal SSR or CSR Rendering Gaurav Garg 06 March 2026 In the dynamic landscape of web development, a fundamental architectural decision often dictates the success and user experience of a web application: the choice between Server-Side Rendering (SSR) and Client-Side Rendering (CSR). This isn’t merely a technical […]
How IT Companies Can Win Global Clients in 2026
How IT Companies Can Win Global Clients in 2026 Chirag Verma 06/03/2026 In 2026, the global technology market is more competitive and opportunity-rich than ever before. Businesses across industries are searching for reliable IT partners who can help them innovate, scale, and stay ahead in an increasingly digital world. For IT companies, winning global […]
The Human Side of AI: How HR Leaders Will Shape the Future of Work in 2026
The Human Side of AI: How HR Leaders Will Shape the Future of Work in 2026 Khushi Kaushik 06 march, 2026 Introduction As we step into 2026, the workplace is evolving faster than ever before. Artificial Intelligence, automation, remote work, and digital collaboration tools are transforming how organizations operate. But amid all this innovation, one […]
Socket.IO Security Unveiled: Mastering Authentication & Authorization for Robust Real-time Applications
Socket.IO Security Unveiled: Mastering Authentication & Authorization for Robust Real-time Applications Divya Pal 4 February, 2026 In the dynamic landscape of modern web development, real-time applications have become indispensable, powering everything from chat platforms to collaborative editing tools. At the heart of many of these interactive experiences lies Socket.IO, a powerful library enabling low-latency, bidirectional […]
Prisma ORM in Production: Architecting for Elite Performance and Seamless Scalability
Prisma ORM in Production: Architecting for Elite Performance and Seamless Scalability Shubham Anand 16 February 2026 In the rapidly evolving landscape of web development, database interaction stands as a critical pillar. For many modern applications, Prisma ORM has emerged as a powerful, type-safe, and intuitive tool for interacting with databases. However, transitioning from development to […]