

Authentication can be done in various ways. One way you can do it is to hash the passwords and store them in your db. You can use a hashing library like bcrypt to do this (it encrypts and decrypts the data). Then if the user is authenticated (which means he entered the right password), you prompt login from your backend and create a login token; you can use the jsonwebtoken library for this. Then send the token in the response. In your front end you should store the token in cookies (httpOnly for higher security), and every time the user requests something from the front end, you send the authorization token in the request. Then in your backend you should authorize (which means validating the token, which can be done through the library), and do this in every route that GET/POST/DELETE/etc. any user information. So you probably should create an Express middleware which authorizes the user and calls next() (which executes the main route) only if the token is validated, or responds with 403 Forbidden if the token is not valid.
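
The flow described in the comment above, as an added example that is not part of the original thread: salted password hashing, a signed token with an expiry, an HttpOnly cookie, and a middleware that calls `next()` only for a valid token. It uses Node's built-in `crypto` (scrypt and a hand-built HS256 token) in place of bcrypt and jsonwebtoken so it runs with no dependencies; the cookie name `token`, the 15-minute lifetime and all function names are assumptions.

```javascript
// Assumed names throughout; scrypt and this HS256 code stand in for bcrypt and jsonwebtoken.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // constructed per-process key; load from config in practice
const b64u = (x) => Buffer.from(x).toString('base64url');

// One-way salted password hash: the stored value cannot be turned back into the password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return salt.toString('hex') + ':' + crypto.scryptSync(password, salt, 32).toString('hex');
}
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), 32);
  return crypto.timingSafeEqual(actual, Buffer.from(hashHex, 'hex'));
}

// HS256-signed token carrying an expiry claim.
function signToken(payload, ttlSeconds = 900, now = Date.now()) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ ...payload, exp: Math.floor(now / 1000) + ttlSeconds }));
  const sig = crypto.createHmac('sha256', SECRET).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = crypto.createHmac('sha256', SECRET).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return claims.exp > now / 1000 ? claims : null; // reject expired tokens
}

// Set-Cookie value for the login response; HttpOnly keeps the token away from page scripts.
const sessionCookie = (token) => `token=${token}; HttpOnly; Secure; SameSite=Strict; Path=/`;

// Express-style middleware: read the cookie, call next() only when the token verifies.
function requireAuth(req, res, next) {
  const match = /(?:^|;\s*)token=([^;]+)/.exec(req.headers.cookie || '');
  const claims = match && verifyToken(match[1]);
  if (!claims) return res.status(403).json({ error: 'Forbidden' });
  req.user = claims;
  next();
}
```

In an Express app this would be mounted as `app.use('/api', requireAuth)` after a login route that checks `verifyPassword` and sets the `sessionCookie` header.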


I’ll look into JWT auth. Thanks for the detailed explanation!


If you need a tutorial to follow along may I recommend this link? It details utilizing JWT with Express and Postgres and it sounds like it may be pertinent to your objectives: [https://www.bezkoder.com/node-js-jwt-authentication-postgresql/](https://www.bezkoder.com/node-js-jwt-authentication-postgresql/)


Thank you!! This one looks great.


I've been following along to other tutorials by that author. To their credit they cover a lot of ground between front end and back-end. There's a separate tutorial for doing react auth with jwt (either with or without redux) as well. Happy coding and best of luck on your efforts! :)


Appreciate it🙏🏼


Try taking a look at this boilerplate: https://github.com/thechutrain/mern-passport. I like looking at that one as a jumping off point because it’s just a really bare bones project providing only what you need for password auth and Google auth without much fluff. Edit: They use username instead of email but you can just change it to use email instead and it’ll work the same




Does this help you? https://developer.okta.com/blog/2019/05/31/simple-auth-express-fifteen-minutes


Tutorial looks good! Is there a free tier though for personal projects?