https://github.com/sushantrahate/jwt-auth-refresh-token-as-http-only-cookie
JWT Authentication With Refresh Token as HTTP-only Cookie
access-token authentication httponly-cookie javscript jwt nodejs refresh-token
Last synced: 11 days ago
- Host: GitHub
- URL: https://github.com/sushantrahate/jwt-auth-refresh-token-as-http-only-cookie
- Owner: sushantrahate
- License: mit
- Created: 2024-05-01T07:40:30.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2024-05-11T14:54:07.000Z (6 months ago)
- Last Synced: 2024-05-11T15:50:25.503Z (6 months ago)
- Topics: access-token, authentication, httponly-cookie, javscript, jwt, nodejs, refresh-token
- Language: JavaScript
- Homepage:
- Size: 23.4 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# JWT Authentication With Refresh Token as HTTP-only Cookie using NodeJS
A simple Node.js app that implements JWT-based authentication, including handling both access and refresh tokens via HttpOnly cookies. The project serves a static HTML file and manages secure backend routes.
## Usage
Download the repo, install dependencies with `npm i`, and run `node app.js`.

## Access the App
Open a browser and navigate to `http://localhost:3000`.

## Project Structure
```
│
├── app.js # Node.js server file
├── index.html # HTML file for frontend operations
```

## Functionality:
### Backend:
- Static File Serving: Serves static files (HTML, JS, CSS) from the public directory.
- API Routes:
  - Register: Allows users to register with a username and password.
  - Login: Validates credentials and issues access and refresh tokens, stored as HttpOnly cookies.
  - Token Refresh: Generates a new access token if the current one expires, using the refresh token.
  - Logout: Clears tokens and removes them from in-memory storage.
- Middleware:
  - Token Verification: Checks for a valid access token, and attempts to renew it using the refresh token if it fails.

### Frontend:
- HTML Interface: Provides forms for registration, login, accessing protected routes, and logging out.
- JavaScript Logic: Handles communication with the backend via fetch requests, including:
  - Handling Credentials: Uses `credentials: 'include'` to include cookies in requests.
  - Error Handling: Alerts users for unsuccessful actions and renews tokens if needed.

If you liked it then please show your love by ⭐ the repo
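
The verify-then-renew middleware and the logout behaviour listed under Backend, as an added example that is not the repository's code. The cookie names, demo secrets, token lifetimes and function names are assumptions, and only Node's built-in `crypto` module is used.

```javascript
const nodeCrypto = require('crypto');

// Constructed demo secrets (assumption); a real deployment loads them from configuration.
const ACCESS_SECRET = 'demo-access-secret', REFRESH_SECRET = 'demo-refresh-secret';
const refreshStore = new Set(); // in-memory set of refresh tokens that are still accepted

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();

function sign(payload, secret, ttlSec, now) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ ...payload, exp: now + ttlSec })}`;
  return `${body}.${mac(body, secret).toString('base64url')}`;
}

// Returns the payload, or null when the token is malformed, forged or expired.
function verify(token, secret, now) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return payload.exp > now ? payload : null;
}

// HttpOnly hides the token from page scripts; Secure and SameSite limit where it is sent.
const cookie = (name, value, maxAge) =>
  `${name}=${value}; Max-Age=${maxAge}; Path=/; HttpOnly; Secure; SameSite=Strict`;

function login(username, now) {
  const refresh = sign({ sub: username }, REFRESH_SECRET, 7 * 86400, now);
  refreshStore.add(refresh);
  return { accessToken: sign({ sub: username }, ACCESS_SECRET, 900, now), refreshToken: refresh };
}

// Middleware core: accept a valid access token, otherwise fall back to the refresh token.
function authenticate(cookies, now) {
  const access = verify(cookies.accessToken, ACCESS_SECRET, now);
  if (access) return { user: access.sub, setCookie: [] };
  const refresh = verify(cookies.refreshToken, REFRESH_SECRET, now);
  if (!refresh || !refreshStore.has(cookies.refreshToken)) return { user: null, setCookie: [] };
  const renewed = sign({ sub: refresh.sub }, ACCESS_SECRET, 900, now);
  return { user: refresh.sub, setCookie: [cookie('accessToken', renewed, 900)] };
}

function logout(cookies) {
  refreshStore.delete(cookies.refreshToken);
  return [cookie('accessToken', '', 0), cookie('refreshToken', '', 0)];
}
```

An access token that has not yet expired still verifies after logout, because only the refresh token is tracked server-side; keeping the access lifetime short bounds that window.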