DEV Community

Benjamin Gil Flores

Authentication system with the MERN Stack

A very strange night

Last night I decided to build the auth system for the application that I'm currently working on. In order to complete this task I watched some videos regarding this particular topic, and based on the GitHub repository of the instructor I was able to build half of the auth system, meaning that I developed only the backend.

Now, even though my backend is working with this auth system just fine, I found myself in the situation where I did not understand almost all of it. I don't really know why this thing that I built works!

So, as you can tell, that night was very strange.

What are the pieces that make up my auth system?

Well, that I know of course: I used MongoDB, mongoose, passport, bcrypt, jwt, and I think that's all of them.

Help me out?

So I was wondering if, by any chance, one of you guys has a book or a reference to a good post, or maybe good documentation, a video, something that might help me understand a little bit more about how the auth system works on Node.js, and what a JWT token is and what it really does.

Watching that video series helped me a little bit, but I still don't get most of it.

Thanks.

Top comments (3)

Tim Austin

From what I understand about passport and express applications on Node.js, it works like this:

passport is a library which implements middleware for express routes to authenticate users. This can be implemented as sessions in a cookie, or memory, or whatnot, thus passport provides a framework for various passport adaptations depending on what your authentication strategy is.

The JWT strategy authenticates users by encoding encrypted information in the HTTP headers.

After a user has been authenticated, a JWT token is returned so that the user doesn't have to continually pass sensitive credentials back and forth. The token is created with various info, then is signed by the application, and the user can then pass it back to authenticate themselves to the application. The token can then be decrypted once received by the application to determine the identity of the sender.

This freecodecamp article was of reasonable help to me.

Kedus Leji Yared

Thank you very much! I was wondering how I could associate specific resources with an authenticated user. For example, let's say there is a todo application and each "todo page" is associated with an authenticated user. How would I implement this?

Benjamin Gil Flores

Great, thank you very much
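
The flow discussed in the comments above, as an added example that is not code from the post or its commenters: a token is issued after login, its signature is checked on each request, and the verified `sub` claim decides which todos are returned. It uses only Node's built-in `crypto` rather than passport or a JWT library; `SECRET`, `TODOS` and the function names are assumptions made for illustration.

```javascript
// Added example: HS256 JWT issue/verify using only Node's built-in crypto.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: loaded from server config
const nowSec = () => Math.floor(Date.now() / 1000);
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issued once, after the password check (e.g. bcrypt compare) has succeeded.
function issueToken(userId, ttlSeconds, now = nowSec()) {
  const body = `${encode({ alg: 'HS256', typ: 'JWT' })}.${encode({ sub: userId, exp: now + ttlSeconds })}`;
  return `${body}.${hmac(body)}`;
}

// Returns the claims, or null when the token is malformed, altered or expired.
// The payload is only base64url-encoded (readable by the holder); the HMAC is
// what lets the server detect any change to it.
function verifyToken(token, now = nowSec()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(hmac(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (decode(header).alg !== 'HS256') return null; // accept only the algorithm we issue
    const claims = decode(payload);
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// Constructed sample data standing in for a MongoDB "todos" collection.
const TODOS = [
  { id: 1, owner: 'user-a', text: 'write tests' },
  { id: 2, owner: 'user-b', text: 'rotate keys' },
];

// The owner filter comes from the verified token, never from the URL or body.
function listTodos(token) {
  const claims = verifyToken(token);
  if (!claims) return null; // an Express route would answer 401 here
  return TODOS.filter((todo) => todo.owner === claims.sub);
}
```

In an Express route the token would arrive in the `Authorization` header and `listTodos` would be a database query filtered on the same verified `sub` value.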