A demonstration of simple authorization code flow using Express.js.
This project is a demonstration of authorization code flow using JWTs with the Bearer schema. It uses Express.js to orchestrate a web server, and an in-memory JavaScript database for ease of demonstration. The database holds session and user data.
Authorization includes registration, login, logout, and session refresh. Password hashing, refresh token hashing, and refresh token rotation are also included. The authorization and resource endpoints exist in the same server for simplicity, however a proper setup these would exist as separate services.
Install dependencies:
cd express-auth-demo
npm installStart the dev server:
npm run devAlternatively, build the app and start the production server:
npm run build
npm run startThen call any request in the requests.http file.
Tests are located in the test folder. To run all tests:
npm run testTo run tests in watch mode:
npm run test:watchTo debug in VSCode, hover over the Debug option that appears next to the scripts in package.json and choose the dev script.