A demonstration of simple authorization code flow using Express.js.
This project is a demonstration of authorization code flow using JWTs with the Bearer scheme. It uses Express.js to orchestrate a web server, and an in-memory JavaScript database for ease of demonstration. The database holds session and user data.
Authorization includes registration, login, logout, and session refresh. Password hashing, refresh token hashing, and refresh token rotation are also included. The authorization and resource endpoints exist in the same server for simplicity; in a proper setup, however, these would exist as separate services.
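One way to implement refresh token hashing and rotation against an in-memory session store, as an added example that is not this project's own code. It goes one step beyond the description above by revoking the session when a superseded token is replayed. Assumptions: the function names, the `sessionId.secret` token layout and the 7-day lifetime.

```javascript
// Added example, not the project's code. Names and token layout are assumptions.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

const sessions = new Map(); // sessionId -> { userId, tokenHash, expiresAt }
const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed lifetime

// Refresh tokens are high-entropy random values, so a fast hash (SHA-256)
// is adequate for them; passwords need a slow password-hashing function.
const hashToken = (token) => createHash('sha256').update(token).digest();

function newToken(sessionId) {
  return `${sessionId}.${randomBytes(32).toString('base64url')}`;
}

function issueSession(userId, now = Date.now()) {
  const sessionId = randomBytes(16).toString('hex');
  const token = newToken(sessionId);
  // Only the hash is stored, so a leaked store yields no usable tokens.
  sessions.set(sessionId, { userId, tokenHash: hashToken(token), expiresAt: now + REFRESH_TTL_MS });
  return token;
}

// Returns { userId, refreshToken } on success, or null if the token is rejected.
function rotateRefreshToken(presented, now = Date.now()) {
  const token = String(presented);
  const sessionId = token.split('.')[0];
  const session = sessions.get(sessionId);
  if (!session) return null; // unknown, logged out, or already revoked
  if (now >= session.expiresAt) {
    sessions.delete(sessionId);
    return null;
  }
  // Both buffers are 32-byte digests, as timingSafeEqual requires.
  if (!timingSafeEqual(hashToken(token), session.tokenHash)) {
    // A token for a live session that is not the current one was replayed:
    // treat the session as compromised and revoke it.
    sessions.delete(sessionId);
    return null;
  }
  const refreshToken = newToken(sessionId);
  session.tokenHash = hashToken(refreshToken); // the old token is now invalid
  session.expiresAt = now + REFRESH_TTL_MS;
  return { userId: session.userId, refreshToken };
}
```
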
Install dependencies:
cd express-auth-demo
npm install
Start the dev server:
npm run dev
Alternatively, build the app and start the production server:
npm run build
npm run start
Then call any request in the requests.http file.
Tests are located in the test folder. To run all tests:
npm run test
To run tests in watch mode:
npm run test:watch
To debug in VSCode, hover over the Debug option that appears next to the scripts in package.json and choose the dev script.