JWT Authentication with Node.js, React, MySQL | Node JS Authentication With JSON Web Token

00:00

hi everyone this is a very important

00:02

topic in how to implement JWT

00:06

authentication with no.js in previous

00:09

video we created our sign up and also

00:12

the login pages and we saved the records

00:15

in my SQL database

00:16

and in this video we will Implement how

00:19

to use GWT with node.js okay in the

00:22

previous previous video we implemented

00:25

our sign up forum and we registered the

00:28

account and also we implemented our

00:30

login Forum okay and we checked that

00:32

whenever we logged in successfully we

00:34

should go to our home page okay so we

00:37

implemented it in the previous video so

00:38

for that video you have the link in the

00:40

description how to use it we use session

00:42

cookies and also saved registration and

00:46

also back check the login pages so we

00:49

did all this in the previous video so in

00:51

this video just use the gw2 or Json web

00:55

token how to use that okay so the first

00:58

thing is that we should install that in

01:00

our server side Okay so

01:09

so in this server side we will install

01:12

Json web token we will come here to the

01:14

terminal into the server side inside

01:16

here we will add NTM installed

01:19

Json Vapor token

01:23

if you are using yarn just yarn add Json

01:26

with token so I have already installed

01:28

that let's check it see Json web token I

01:30

have installed that okay so now let's

01:32

use that

01:34

so before starting let's check it how it

01:36

works okay how this this Json web token

01:40

works okay for example

01:42

um here is the user okay

01:44

the user logged into the system okay

01:46

this is the login

01:48

and they press the button

01:50

okay and it log into the server okay the

01:53

server

01:56

verified okay it login successfully okay

01:58

it generate a token for user

02:07

a generator token for the user okay it's

02:09

stored on the client side and this user

02:12

okay whenever the user again request to

02:14

an API okay to the server okay it

02:16

requests for example like a Facebook

02:18

okay whenever you log in you are

02:20

requesting for posts for comments for

02:22

your profile for something else so again

02:25

it should check that yeah so it we

02:28

should login again you whenever you are

02:30

requesting for example for posts okay

02:32

you need this should verify you is it

02:35

the user that you are logged in with us

02:36

or not are you authenticated with or not

02:38

either so it to can help with us to just

02:42

verify it based on the token okay this

02:44

is a user which is logging with us which

02:46

is verified with us which is

02:47

authenticated okay no need for again to

02:49

login uh back for the posts or comments

02:53

are for the profile so let's see just

02:55

the choker the token if that was uh

02:58

authenticated it means the token matched

03:00

with the server where there is the the

03:01

token it that match so no need again to

03:04

login for that uh API okay so let's see

03:07

for example there are money users okay

03:09

so it will check all the users so it

03:12

just shows the data the related to that

03:14

user okay so this is very strong

03:17

um the token is very strong okay so it

03:19

it is just simple when we are requesting

03:22

for other apis so it helps us um and it

03:25

authenticate the user that is it the

03:27

user that he is claiming or not so it is

03:30

all about that

03:33

so let's move now back

03:38

so to use that first of all we will come

03:40

to our server side code okay server side

03:42

okay here we are logging it to the

03:45

system okay this is the login route API

03:47

that we have written okay in the login

03:49

whenever we successfully logged into the

03:51

system okay so in the login system here

03:55

this is the code that we are plugging

03:57

successfully okay it means that our

04:00

password and username is correct so here

04:03

we will just use now gwg so first you

04:05

will import JWT so for that we will

04:08

write

04:10

import JWT from

04:12

Json web token after importing that

04:15

let's use it so whenever we logged in

04:18

successfully so here we will use that

04:20

now

04:23

okay so first of all we will just take

04:25

the ID from our records okay this one

04:28

the ID that we have okay we will just

04:30

take this ID so let's come here to our

04:32

code

04:33

and const ID is equal to the data we are

04:37

getting here okay this data this is in

04:39

our HIV that's okay whenever we run the

04:41

query we will get an array so we will

04:43

just take the 0 the first row and we

04:46

will take the idea of that after getting

04:49

the idea of that now we will use the GWT

04:52

foreign

05:00

[Music]

05:06

key this should be a private key okay

05:10

um in the real application that should

05:12

be in that EnV file okay you should have

05:14

a DOT EnV file in your startup site code

05:16

and you should store that there in check

05:19

from that eme file but now we are just

05:21

testing so I will just write something

05:23

like uh GWT if I just write like this or

05:28

secret key okay

05:30

secret key

05:32

and after that we will pass another

05:34

object so in that objective like we will

05:37

pass expires in for example expires in

05:40

like 300 okay it will just take around

05:42

five minutes okay so I thought so it

05:46

will generate a two conference okay

05:47

let's assign that to our variable

05:50

const token is equal to so this method

05:54

will just generate a token for us and we

05:57

will store that in the token variable

06:02

so after generating the token so now we

06:04

will just pass a return that is our

06:06

client said okay to our front end so to

06:09

return that instead of just forcing this

06:11

message we will just write

06:14

message

06:17

or I have it right let's assign

06:22

login true okay it means login is true

06:25

and also we will pass our token and also

06:29

we can pass

06:31

uh the data okay that will return okay

06:34

let me just simply fast that to our

06:36

front end so whenever we logged in

06:38

successfully we will generate a token

06:40

and we just pass that to our front end

06:42

so now let's move to our front-end site

06:44

code okay in let's come to the let's

06:49

uh let's come to the login to the front

06:52

end and here to the SRC to the login

06:55

in this league log in whenever we submit

06:57

our button this is the submission code

06:59

okay so we will pass this like in API in

07:02

our server side and here we will get the

07:04

results so whenever we succeeded but

07:06

right now we are not getting this

07:08

message we will get some

07:12

result

07:16

.data that

07:18

let's check it we will return this login

07:22

okay

07:24

data.login whenever we return on the

07:27

login if it was true so it will run this

07:29

code okay so we will come to this party

07:32

so just simply let's stick it okay that

07:34

we are returning okay we are going to

07:37

pack our home page or not let's check it

07:39

now let's come back and refresh it

07:42

and let's come in here enter the

07:44

password let's login Crystal login

07:46

button C yes correct

07:50

so whenever we come here so now we will

07:54

just so what you will do now with our

07:56

token so we will store our token in your

07:59

local storage okay it is a good way

08:00

maybe your yeah we will store that in a

08:03

local storage

08:06

so before storing that and the local

08:08

storage we will come here yes the user

08:11

interface we will create a button here

08:12

okay whenever we press that we will just

08:15

check is the user authenticated or not

08:17

okay by pressing that we will access the

08:20

for example user information okay so

08:22

whenever the user free starting that

08:24

button so we will check is

08:27

to access this information or not this

08:29

first of all create a button

08:32

yeah let's come here to the home page

08:35

just come here Yahoo

08:37

and here create a button inside this

08:43

uh check art okay

08:53

okay check out so now let's whenever we

08:56

click on this

08:57

on click let's add a class name to this

09:02

button button

09:05

primary

09:07

and whenever we press the this button so

09:11

we will call

09:14

let's create this function

09:18

um

09:25

yeah and the lot is equal to

09:28

it will create a function and here we

09:30

will call our backend API so for that I

09:33

will use axis

09:35

reported that has imported data

09:38

um just git okay and we will call

09:42

Sim Sim to this API this will be our

09:45

route

09:49

and let's assign it but instead of this

09:51

we will just check auth we will call

09:54

this route okay check out we will create

09:57

that later there okay so then we will

10:00

get a result

10:01

we will just cancel

10:03

log the result

10:06

cage if there was any error

10:10

console.log here

10:12

okay so we never replace this button we

10:15

will call this function inside that we

10:17

will just call this route and we will

10:19

check we will then display the result so

10:22

let's create this route okay let's come

10:24

here to the server and let's click that

10:26

here

10:27

he will just up that gate

10:31

in here cheek

10:34

okay same to that we will create a

10:36

like this

10:41

okay so after that we will get request

10:45

and response

10:49

we will just return

10:57

CDs are authenticated

11:10

so before running this route okay for

11:13

example we are passing this

11:15

authentication message to the front end

11:16

we will check is the user authenticated

11:19

or not so for that I will create another

11:21

function so I will name it verify JWT I

11:27

will create this function now and before

11:29

running this we will call this function

11:31

if that return result true so then we

11:33

will learn this otherwise not okay so

11:36

let's create that

11:37

Advanced verify GWT is equal to

11:42

we will create a function we will get

11:44

request response and that's your next

11:46

middleware

11:50

let's run that now

11:54

so here first of all we will get our

11:55

token from the headers okay we will

11:57

write counts token is equal to request

12:01

that leaders

12:03

[Music]

12:04

and from the edges we will get access

12:07

for example we will name it axis token

12:10

first we will get our token okay now we

12:13

will check if the token if the token was

12:15

not available okay

12:18

so then just return

12:23

s

12:26

we need

12:28

token

12:30

please provide it

12:33

or next time

12:35

okay else if the token was available so

12:38

then we will just verify it now

12:41

so so verify it will like GWT

12:45

dot verify

12:47

in inside the verify the first we will

12:54

then we will like our secret key okay

12:56

the key that we had before we assigned

12:58

before yeah this key okay we should

13:00

write it manually like this

13:03

it

13:05

okay so after that we will just edit a

13:09

function

13:11

there will be error or decoded

13:19

so if we get an error we will just

13:23

return result.json

13:26

not authenticated

13:30

okay else

13:33

we will just return

13:35

um first of all we will write like a

13:37

request dot user ID for example is equal

13:41

to decoded

13:43

decoded dot ID so it means that we are

13:47

passing our ID to the next route okay so

13:50

the next round to go further for the

13:52

next rounds so we will call next

13:55

uh middleware now

13:59

yeah so after writing this we did we

14:02

implemented it in our server side

14:06

so now let's move to our front end so

14:09

their whenever we get this response okay

14:11

first of all we should store our token

14:13

okay the token that we got in this login

14:15

we should store that and local storage

14:18

so let's come here and in the login so

14:21

whenever we log in successfully yeah

14:24

login successfully so we should store

14:25

that and the local storage local storage

14:28

that's it item

14:30

and we will name it token

14:32

and after that we will assign a result

14:34

the data

14:37

that token that we returned okay

14:40

the name of that was uh token okay so

14:43

let's check that

14:45

see the token that we return okay

14:49

so after that when we return the token

14:52

so we should

14:54

now use it

14:55

let's move to our

14:57

function that we created let's come here

15:00

yeah we were at the home page okay we

15:03

were at the home page so we said

15:04

whenever we click this button so we

15:06

would like to call this function so

15:08

after that we never recall this so we

15:10

should call this authentication okay

15:12

this API cheat auth okay we should call

15:15

this check out this one okay so we

15:18

should do uh pass our token also so here

15:22

we should pass with the headers at this

15:24

token okay that we used okay this one

15:26

access token we should pause this in the

15:28

heaters so let's write something like

15:30

this

15:34

heaters

15:37

and we will name it like this that we

15:40

did in our server cell okay access token

15:48

and we will pass our token to this local

15:51

storage that git item

15:55

the name of that was token

16:01

yeah everything is

16:03

working so now we will check that

16:08

so let's move to our front end so to run

16:10

this okay so first of all let's refresh

16:12

the page yeah let's log in okay after

16:15

logging so let's move to the console

16:18

what we are getting from our server side

16:20

okay let's to the console so let's press

16:22

this check out okay to check that let's

16:24

press it

16:26

see regard the result that authenticated

16:28

okay so if I remove the authentication

16:31

the token so let's come here to the

16:33

application let's come here local

16:34

storage and here let's remove this okay

16:37

let's delete it so let's come back to

16:40

the console

16:41

and let's press now this uh check out

16:44

okay so let's press it see we got we

16:47

need to please provide it for next time

16:49

okay it means there is no token with us

16:51

okay so it was the response that we got

16:55

from our server side

16:57

see if there was no token so please

16:58

provide it if that was verified so we

17:01

will get this result okay if that it

17:04

means that there was no error so we move

17:06

back to the next round so we got the

17:08

result that authenticated

17:10

so it was all about implementing uh JWT

17:13

in node.js so I hope this video was

17:17

helpful for you if you like this video

17:18

so please subscribe our YouTube channel

17:21

and also like this video on coming down

17:22

if you have any questions so please

17:24

comment down that thanks for watching