Managing Login and Understanding JWTs

Learn how to use JWT tokens for secure authentication and authorization.

JSON Web Tokens (JWTs)

JWT stands for JSON Web Token, an open standard for exchanging security information between a client and a server. Each token is signed with a cryptographic algorithm, so its contents cannot be changed after the token is issued without invalidating the signature.

In this lesson, we’ll go over how to create a login endpoint and how tokens are generated when a user successfully logs in. These tokens contain user-relevant data and can be saved throughout the app.

So let’s see what happens when a user tries to log in.

  1. On login, we ask the user to provide their email and password.

  2. When they enter these details, we check whether a user with that identity exists in the database.

  3. If it does, we check whether the entered password matches the one stored in the database.

  4. If it doesn’t match, access is denied; if it does, access is granted.

  5. On a successful login, we also return a status code, the user’s information, and a token that must be sent as a header to the other secured endpoints.

Login endpoint

Two further functions—UpdateTokens and ValidateToken—need to be added to our tokenHelper file. ValidateToken determines whether a passed token is valid or expired; UpdateTokens simply replaces the user’s stored token with a fresh one.
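The login-and-validation flow above, as an added example written here in Go rather than taken from the course's tokenHelper file: the login endpoint issues an HS256 JWT once the password check passes, and ValidateToken rejects malformed, tampered and expired tokens before any claim is trusted. It uses only the standard library instead of a JWT package; the claim fields, the signing key and the function shapes are assumptions for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

type Claims struct { // user-relevant data the login endpoint puts in the token (assumed fields)
	Email string `json:"email"`
	Exp   int64  `json:"exp"` // expiry as a Unix time
}

var enc = base64.RawURLEncoding // JWT segments are unpadded base64url
var header = enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) // pinned: a token cannot choose its own "alg"
func sign(input string, key []byte) []byte { // HS256 tag over "header.payload"
	m := hmac.New(sha256.New, key)
	m.Write([]byte(input))
	return m.Sum(nil)
}

// GenerateToken is what the login endpoint returns once the password check passes.
func GenerateToken(c Claims, key []byte) string {
	body, _ := json.Marshal(c) // a struct of a string and an int cannot fail to marshal
	input := header + "." + enc.EncodeToString(body)
	return input + "." + enc.EncodeToString(sign(input, key))
}

// ValidateToken checks structure, then signature, then expiry; now is a Unix time.
func ValidateToken(token string, key []byte, now int64) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != header {
		return c, errors.New("malformed token or unexpected header")
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(parts[0]+"."+parts[1], key)) {
		return c, errors.New("invalid signature")
	}
	payload, err := enc.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return c, errors.New("unreadable claims")
	}
	if now >= c.Exp {
		return c, errors.New("token expired")
	}
	return c, nil
}
```

Because the signature is verified before the claims are decoded, nothing in an unverified payload (including its expiry) ever influences the outcome.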
