Basic boilerplate for building a secure backend in Node.js, Express and MongoDB using JWT access and refresh tokens.
```sh
docker-compose build
docker-compose up
chmod +x ./requestBackend.sh && ./requestBackend.sh
```
- Add Schema Validation
- Automatic Documentation
- User signs up by providing a username and password.
- User logs in; the client receives an access token and a refresh token.
- Client uses the access token to request resources from the backend.
- If the access token expires, the refresh token is used to retrieve a new valid access token.
- When the user logs out, the client sends the refresh token to /logout to invalidate it.
- After the client invalidates the refresh token, it can no longer be used to generate access tokens or refresh tokens.
Endpoint | Verb | Body | Response on Success |
---|---|---|---|
/login | POST | {"username":<Your Username>, "password":"supersecret"} | {"success":true, "err":null, "_id":<Unique User ID>, "username":<Your Username>, "accessToken":<JWT Access Token>, "refreshToken":<JWT Refresh Token>} |
/logout | POST | {"refreshToken":<JWT Refresh Token>} | {"success":true, "err":null, "invalidatedRefreshToken":<JWT Refresh Token>} |
/signup | POST | {"username":<Your Username>, "password":"supersecret"} | {"success":true, "err":null, "_id":<Unique User ID>, "username":<Your Username>} |
/tokens | POST | {"refreshToken":<JWT Refresh Token>} | {"success":true, "err":null, "accessToken":<JWT Access Token>} |