For making things simple, we’ll be using a SQLite database but this can be easily changed to use fully-fledged database management systems like MySQL.<\/p>\n
Prerequisites<\/h4>\n
In this tutorial, you need to have:<\/p>\n
- \n
- A development machine with a recent version of Node.js and NPM installed,<\/li>\n
- And a basic knowledge of JavaScript.<\/li>\n<\/ul>\n
Creating the Express.js Server<\/h4>\n
Let’s start by creating our Node project. In your terminal run the following commands to generate a package.json<\/span> file inside the project’s folder:<\/p>\n
$ mkdir express-auth-project\r\n$ npm init -y<\/span><\/pre>\nThis command will generate an express-auth-project\/package.json<\/span> file with default content:<\/p>\n
{\r\n \"name\": \"express-auth-project\",\r\n \"version\": \"1.0.0\",\r\n \"description\": \"\",\r\n \"main\": \"index.js\",\r\n \"scripts\": {\r\n \"test\": \"echo \\\"Error: no test specified\\\" && exit 1\"\r\n },\r\n \"keywords\": [],\r\n \"author\": \"\",\r\n \"license\": \"ISC\"\r\n }<\/pre>\nFrom the main property, you can see that we need to create an index.js file that will be the entry point of our application i.e the first file that will be executed by Node. So simply create the file in your project’s folder:<\/p>\n
$ touch index.js<\/pre>\n
[blockquote]Note: Please note that you can use any name for your entry point file such as server.js instead of index.js but you should set that accordingly in the main property in your package.json file.[\/blockquote]<\/strong><\/em><\/p>\n
Before adding any code inside the index.js<\/span> file, we first need to install a bunch of packages from npm such as express<\/span>, sqlite3<\/span>, jsonwebtoken<\/span>, bcryptjs<\/span> and bodyparser<\/span>.<\/p>\n
Go to your terminal and run the following command to install the required libraries from npm:<\/p>\n
$ npm install --save express body-parser sqlite3 bcryptjs jsonwebtoken<\/pre>\n
At the time of this writing the following versions will be installed:<\/p>\n
bcryptjs@2.4.3<\/span>
\nsqlite3@4.0.4<\/span>
\nbody-parser@1.1<\/span>
\njsonwebtoken@8.4.0<\/span>
\nexpress@4.16.4<\/span><\/p>\nThe command will create a node_module<\/span>s folder inside your project’s folder where the packages and their dependencies are all installed. Since we’ve added the –save<\/span> option, the command will also update the the package.json file with these dependencies which will enable anyone who cloned the project to install the same packages you’ve installed with the previous command by simply running the npm install<\/span> command from the root of the project’s folder where package.json<\/span> exists.<\/p>\n
This is the content of package.json<\/span> at this point:<\/p>\n
{\r\n \"name\": \"express-auth-project\",\r\n \"version\": \"1.0.0\",\r\n \"description\": \"\",\r\n \"main\": \"index.js\",\r\n \"scripts\": {\r\n \"test\": \"echo \\\"Error: no test specified\\\" && exit 1\"\r\n },\r\n \"keywords\": [],\r\n \"author\": \"\",\r\n \"license\": \"ISC\",\r\n \"dependencies\": {\r\n \"bcryptjs\": \"^2.4.3\",\r\n \"body-parser\": \"^1.18.3\",\r\n \"express\": \"^4.16.4\",\r\n \"jsonwebtoken\": \"^8.4.0\",\r\n \"sqlite3\": \"^4.0.4\"\r\n }\r\n }<\/pre>\nAfter installing the required packages, you can now proceed by creating your Express server. Open the index.js<\/span> file and add the following code:<\/p>\n
\"use strict\";\r\nconst express = require('express');\r\nconst bodyParser = require('body-parser');\r\n\r\nconst app = express();\r\nconst router = express.Router();\r\n\r\nrouter.use(bodyParser.urlencoded({ extended: false }));\r\nrouter.use(bodyParser.json());<\/pre>\nWe first require the express<\/span> and body-parser<\/span> modules, new we create an Express application and en Express router. Finally we added body parser middlewares that will allow us to get parse JSON data from the request body.<\/p>\n
Next let’s define two \/login<\/span> and \/register<\/span> routes which both should accept a POST request from clients:<\/p>\n
router.post('\/register', (req, res) => {\r\n res.status(200).send({ access_token: '' });\r\n});\r\n\r\nrouter.post('\/login', (req, res) => {\r\n res.status(200).send({ access_token: '' });\r\n});<\/pre>\nWe use the post()<\/span> method of the router object to create a route that accepts a POST request. The method takes the path as the first parameter and a function to process the request as the second parameter. This function is passed two objects:<\/p>\n
- \n
- req<\/span> <\/strong>that represents the request sent from the client,<\/li>\n
- res<\/span><\/strong> that represents the response that will be sent to the client.<\/li>\n<\/ul>\n
Both these two objects contains values and methods to work with requests and responses.<\/p>\n
In the body of functions, we simply set the 200 OK<\/strong> status on the response and send it the client with an { access_token: ‘ ‘ }<\/span> body.<\/p>\n
This will return the following HTTP response to the client:
\nHTTP\/<\/span>1.1<\/span> 200<\/span> OK<\/span><\/span>
\nContent-Type:<\/span> application\/json<\/span><\/span><\/p>\n{<\/span>
\n\u00a0\u00a0\u00a0\u00a0 “access_token”<\/span>:<\/span> “”<\/span><\/span>
\n}<\/span><\/p>\nFor now the access token is empty so we’ll next change that to actually register, login and return an actual access token that will be used to authenticate the clients.<\/p>\n
Next, add the following code to set up the router and run Express server:<\/p>\n
app.use(router);\r\nconst port = process.env.PORT || 3000;\r\nconst server = app.listen(port, () => {\r\n console.log('Server listening at http:\/\/localhost:' + port);\r\n});<\/pre>\nAt this point, you can run your server using the following command from the root of your project:<\/p>\n
$ node index.js<\/pre>\n
In your terminal the Server listening at http:\/\/localhost:3000<\/span> will be displayed which means your server is up and running and available from the http:\/\/localhost:3000<\/span> address.<\/p>\n
You’ll be able to send POST requests to the http:\/\/localhost:3000\/register<\/span> and http:\/\/localhost:3000\/login<\/span> endpoints to respectively register and login users.<\/p>\n
Let’s also look at how we can create a route that accepts a GET request and returns a response to the client. In the index.js<\/span> file, add the following route:<\/p>\n
router.get('\/', (req, res) => {\r\n res.status(200).send('This is an authentication server');\r\n});<\/pre>\nThis will allow you to visit the http:\/\/localhost:3000\/<\/span> from your web browser. In your browser, you’ll see the This is an authentication server<\/strong> message.<\/p>\n
Adding a SQLite Database<\/h3>\n
To be able to register and login users in our application we need a way to persist users in our database. For this matter, we’ll use SQLite, a file based database that can be quickly created without installing a database management system like MySQL.<\/p>\n
Open the index.js file and require the sqlite3 package you’ve previously installed using the following code:<\/p>\n
const sqlite3 = require('sqlite3').verbose();<\/pre>\nNext create a database object using:<\/p>\n
const database = new sqlite3.Database(\".\/my.db\");<\/pre>\n
Put this code at the beginning of your index.js<\/span> file after the require method and before registering the routes.<\/p>\n
Next, add three methods to create the users<\/span> table where users are persisted, create a user in the database and find a user by its email in the database:<\/p>\n
const createUsersTable = () => {\r\nconst sqlQuery = '\r\n CREATE TABLE IF NOT EXISTS users (\r\n id integer PRIMARY KEY,\r\n name text,\r\n email text UNIQUE,\r\n password text)';\r\n\r\n return database.run(sqlQuery);\r\n}\r\n\r\nconst findUserByEmail = (email, cb) => {\r\n return database.get(`SELECT * FROM users WHERE email = ?`, [email], (err, row) => {\r\n cb(err, row)\r\n });\r\n}\r\n\r\nconst createUser = (user, cb) => {\r\n return database.run('INSERT INTO users (name, email, password) VALUES (?,?,?)', user, (err) => {\r\n cb(err)\r\n });\r\n}<\/pre>\nAfter defining these methods to create and work with the database, let’s create the users table by calling the createUsersTable()<\/span> right after the definition of the methods:<\/p>\n
createUsersTable();<\/pre>\n
Stop and run your server\u2014you should see a my.db<\/span> database file created in the root of your project.<\/p>\n
Configuring the jsonwebtoken<\/span> & bcryptjs<\/span> Modules<\/h3>\n
Before implementing our authentication flow, we need to setup the jsonwebtoken<\/span> and bcryptjs<\/span> modules that are respectively used to create JSON tokens and encrypt passwords before storing them in the database.<\/p>\n
First in the index.js<\/span> file and require jsonwebtoken<\/span> and bcryptjs<\/span>:<\/p>\n
const jwt = require('jsonwebtoken');\r\nconst bcrypt = require('bcryptjs');<\/pre>\nAlso add a secret key that will be used to sign the payloads to create JSON tokens:<\/p>\n
const SECRET_KEY = \"secretkey23456\";<\/pre>\n
Implementing the Register Route<\/h3>\n
Now, let’s implement the register route. In the index.js<\/span> file, add the following code to your register route:<\/p>\n
router.post('\/register', (req, res) => {\r\n\r\n const name = req.body.name;\r\n const email = req.body.email;\r\n const password = bcrypt.hashSync(req.body.password);\r\n\r\n createUser([name, email, password], (err) => {\r\n if (err) return res.status(500).send(\"Server error!\");\r\n findUserByEmail(email, (err, user) => {\r\n if (err) return res.status(500).send('Server error!');\r\n const expiresIn = 24 * 60 * 60;\r\n const accessToken = jwt.sign({ id: user.id }, SECRET_KEY, {\r\n expiresIn: expiresIn\r\n });\r\n res.status(200).send({\r\n \"user\": user, \"access_token\": accessToken, \"expires_in\": expiresIn\r\n });\r\n });\r\n });\r\n});<\/pre>\nWe first extract the name, email and password from the request body. Next, we call the createUser()<\/span> method by passing the extracted credentials for the new user to be created.<\/p>\n
In the callback function of the method:<\/p>\n
- \n
- We check if we have an error, in that case we return a 500<\/strong> HTTP response with the Server error! message,<\/li>\n
- Otherwise, we generate an access token based on the user ID (generated automatically in the database), a secret key and an expires in value (in seconds) using the sign()<\/span> method of jsonwebtoken<\/span>,<\/li>\n
- We finally return a 200<\/strong> response with a body containing the user, access token and the expires in value.<\/li>\n<\/ul>\n
Stop and run your server again\u2014If you now send a POST request with the following body:<\/p>\n
{\r\n \"email\": \"test@mail.com\",\r\n \"name\": \"test\",\r\n \"password\": \"test001\"\r\n}<\/pre>\nYou should get a 200<\/strong> response similar to the following:<\/p>\n
<\/p>\n
The response contains the created user information (the password is encrypted using bcrypt), an access_token<\/span> and expires_in<\/span> value (one day).<\/p>\n
Implementing the Login Route<\/h3>\n
After implementing the logic for registering users let’s now implement the login<\/span> route. In the index.js<\/span> file, add the following code:<\/p>\n
router.post('\/login', (req, res) => {\r\n const email = req.body.email;\r\n const password = req.body.password;\r\n findUserByEmail(email, (err, user) => {\r\n if (err) return res.status(500).send('Server error!');\r\n if (!user) return res.status(404).send('User not found!');\r\n const result = bcrypt.compareSync(password, user.password);\r\n if (!result) return res.status(401).send('Password not valid!');\r\n\r\n const expiresIn = 24 * 60 * 60;\r\n const accessToken = jwt.sign({ id: user.id }, SECRET_KEY, {\r\n expiresIn: expiresIn\r\n });\r\n res.status(200).send({ \"user\": user, \"access_token\": accessToken, \"expires_in\": expiresIn });\r\n });\r\n});<\/pre>\nWe first extract the login credentials i.e the email and password from the body of the request.<\/p>\n
Next, we call the findUserByEmail()<\/span> method to search for the user with the passed credentials in the SQLite database.<\/p>\n
In the callback of the method:<\/p>\n
- \n
- We check of there is an error, in that case we return a 500<\/strong> response,<\/li>\n
- Next, we check if the user exists in the database and returns a 404<\/strong> response if it doesn’t,<\/li>\n
- Next, we check if the passed password matches the database user’s password using the bcrypt.compareSync()<\/span> method and returns a 401<\/strong> response if not.<\/li>\n
- Finally we generate a token using the sign()<\/span> method of jsonwebtoken<\/span> and return a 200<\/strong> response with the user, access token and an expiration value.<\/li>\n<\/ul>\n
Again stop and run your server\u2014you should be able to login using the previously created user by sending the following data with a POST request to the \/login<\/span> endpoint:<\/p>\n
{\r\n \"email\": \"test@mail.com\",\r\n \"password\": \"test001\"\r\n}<\/pre>\nThis should return a 200<\/strong> HTTP response with a user<\/span> object, access_token<\/span> and expires_in<\/span> properties.<\/p>\n
Conclusion<\/h3>\n
In this tutorial, we’ve used Node, Express, body-parser<\/span>, jsonwebtoken<\/span>, sqlite3<\/span> and bcrypt<\/span> libraries and packages to create a simple REST server for JWT authentication.<\/p>\n","protected":false},"excerpt":{"rendered":"
Throughout this tutorial, we’ll be learning how you can create a JWT authentication server with Node.js and Express.js using some popular libraries like:<\/p>\n","protected":false},"author":7,"featured_media":4008,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[72,260],"tags":[264,266,261,263,80,262,267,265],"powerkit_post_featured":[],"class_list":{"0":"post-4003","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-nodejs","8":"category-jwt-authentication","9":"tag-bcryptjs","10":"tag-body-parser","11":"tag-jsonwebtoken","12":"tag-jwt-authentication","13":"tag-node","14":"tag-node-express","15":"tag-rest","16":"tag-sqlite3"},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2019\/01\/nodejs-token-based-authentication.png?fit=1050%2C438&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8NAi4-12z","jetpack-related-posts":[{"id":12847,"url":"https:\/\/code4developers.com\/connect-firebase-database-and-angular-app\/","url_meta":{"origin":4003,"position":0},"title":"Connect Firebase Realtime NoSQL Database with Angular App from Scratch","author":"Arif Khoja","date":"August 30, 2020","format":false,"excerpt":"In this tutorial, We are going to learn\u00a0How to connect Firebase Realtime NoSQL cloud database with Angular app from scratch?. We\u2019ll be using\u00a0AngularFire library for setting up Firebase database in the Angular web application. Firebase is a Google product, It is a real-time NoSQL cloud database that allows you to\u2026","rel":"","context":"In "Angular"","block_context":{"text":"Angular","link":"https:\/\/code4developers.com\/category\/angular\/"},"img":{"alt_text":"connect-angular-firebase","src":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2020\/08\/connect-angular-firebase.jpg?fit=715%2C350&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2020\/08\/connect-angular-firebase.jpg?fit=715%2C350&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2020\/08\/connect-angular-firebase.jpg?fit=715%2C350&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2020\/08\/connect-angular-firebase.jpg?fit=715%2C350&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2568,"url":"https:\/\/code4developers.com\/angularjs-application-end-to-end-testing-with-protractor-tool-part-1\/","url_meta":{"origin":4003,"position":1},"title":"AngularJS Application End to End Testing with Protractor Tool : Part 1","author":"Sneha Jaiswal","date":"June 8, 2017","format":false,"excerpt":"What is End to End Testing? End to End Testing is used to determine the performance of application as per requirement. For large and complex applications manual testing is not sufficient to verify the correctness of new features, catch bugs and notice regression. To resolve issue of integration between components\u2026","rel":"","context":"In "AngularJs"","block_context":{"text":"AngularJs","link":"https:\/\/code4developers.com\/category\/angularjs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2586,"url":"https:\/\/code4developers.com\/angular-4-installations\/","url_meta":{"origin":4003,"position":2},"title":"Angular 4 Installations","author":"Nisarg Dave","date":"June 14, 2017","format":false,"excerpt":"Introduction This article demonstrates how to install Angular 4 in your local system and start working with angular\/cli using basic commands. What is Angular 4? Before starting with Angular 4, we need to know about Angular 2. Angular 2 is totally different kind of framework from Angular 1. Angular 1\u2026","rel":"","context":"In "Angular"","block_context":{"text":"Angular","link":"https:\/\/code4developers.com\/category\/angular\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2017\/06\/1.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2017\/06\/1.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2017\/06\/1.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2017\/06\/1.png?resize=700%2C400 2x, https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2017\/06\/1.png?resize=1050%2C600 3x"},"classes":[]},{"id":2658,"url":"https:\/\/code4developers.com\/angular-4-application-with-visual-studio\/","url_meta":{"origin":4003,"position":3},"title":"Angular 4 in Visual Studio","author":"Nisarg Dave","date":"June 22, 2017","format":false,"excerpt":"Introduction In this article, we will discuss about how to set up and start Angular 4 in visual studio. As many of developers have worked with Microsoft tools and technologies, they preferred visual studio as web development platform. Step 1: Install Node.js and npm The first step is to install\u2026","rel":"","context":"In "Angular"","block_context":{"text":"Angular","link":"https:\/\/code4developers.com\/category\/angular\/"},"img":{"alt_text":"VS15","src":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2017\/06\/1-2.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3165,"url":"https:\/\/code4developers.com\/pug\/","url_meta":{"origin":4003,"position":4},"title":"Pug","author":"Arif Khoja","date":"December 15, 2017","format":false,"excerpt":"Pug is a template language for Javascript that I have grown to enjoy a lot. My impression is that a lot of people use it, if they use a template engine for server side rendering using Node. The big question is if you need it or not in 2017. I\u2026","rel":"","context":"In \"Node\"","block_context":{"text":"Node","link":"https:\/\/code4developers.com\/tag\/node\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2017\/12\/PugJs.png?fit=225%2C225&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":15822,"url":"https:\/\/code4developers.com\/aws-step-functions-tutorial\/","url_meta":{"origin":4003,"position":5},"title":"Getting Started with AWS Step Functions: Orchestration Made Simple","author":"Yatendrasinh Joddha","date":"September 1, 2025","format":false,"excerpt":"Cloud applications are rarely about a single piece of code. Take an e-commerce app for example: you receive an order, validate the payment, check inventory, update the database, and finally send a confirmation email. If you try to put all of this into one Lambda function, the code gets messy,\u2026","rel":"","context":"In "AWS"","block_context":{"text":"AWS","link":"https:\/\/code4developers.com\/category\/aws\/"},"img":{"alt_text":"AWS Step Functions","src":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2025\/09\/AWS-Step-Function.png?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2025\/09\/AWS-Step-Function.png?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2025\/09\/AWS-Step-Function.png?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2025\/09\/AWS-Step-Function.png?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/code4developers.com\/wp-content\/uploads\/2025\/09\/AWS-Step-Function.png?fit=1200%2C800&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/posts\/4003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/comments?post=4003"}],"version-history":[{"count":4,"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/posts\/4003\/revisions"}],"predecessor-version":[{"id":4009,"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/posts\/4003\/revisions\/4009"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/media\/4008"}],"wp:attachment":[{"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/media?parent=4003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/categories?post=4003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/tags?post=4003"},{"taxonomy":"powerkit_post_featured","embeddable":true,"href":"https:\/\/code4developers.com\/wp-json\/wp\/v2\/powerkit_post_featured?post=4003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Next, we check if the user exists in the database and returns a 404<\/strong> response if it doesn’t,<\/li>\n
- Otherwise, we generate an access token based on the user ID (generated automatically in the database), a secret key and an expires in value (in seconds) using the sign()<\/span> method of jsonwebtoken<\/span>,<\/li>\n
- res<\/span><\/strong> that represents the response that will be sent to the client.<\/li>\n<\/ul>\n
- req<\/span> <\/strong>that represents the request sent from the client,<\/li>\n
![\"Express-JWT\"](\"https:\/\/code4developers.com\/wp-content\/uploads\/2019\/01\/Express-JWT-300x113.png\")
<\/p>\n