Working with JSON Web Tokens (JWT) in NodeJS: How to generate a JWT in NodeJS

Chapter 111

Estimated reading time: 3 minutes


JSON Web Token (JWT) is an open standard (RFC 7519) for exchanging claims between parties as a JSON object. The information can be verified and trusted because it is digitally signed: a JWT can be signed with a shared secret (using the HMAC algorithm) or with a public/private key pair using RSA or ECDSA.

In NodeJS, we can use packages like jsonwebtoken to work with JWTs. In this tutorial, we are going to explore how to generate a JWT in NodeJS.

Installation

To get started, we need to install the jsonwebtoken package. You can do this using npm (Node Package Manager) with the following command:

npm install jsonwebtoken

Once installed, you can import it into your file using:

const jwt = require('jsonwebtoken');

Creating a JWT

To create a JWT, we use the sign() function from the jsonwebtoken package. This function accepts three arguments:


  1. The payload, which is a JSON object containing the claims. Claims are statements about an entity (usually the user) and additional information.
  2. The secret, which is a string used to sign the token. This secret must be kept safe and must never be exposed.
  3. The options, which is an object containing additional settings such as the signature algorithm and the token lifetime.

Here is an example:

const payload = {
  id: 1,
  name: 'John Doe',
  admin: true
};

const secret = 's3cr3t';

const options = {
  expiresIn: '2h'
};

const token = jwt.sign(payload, secret, options);

In this example, the payload contains three claims: id, name, and admin. The secret is 's3cr3t' and the token expires in 2 hours.

Checking a JWT

Once you create a JWT, you can verify its signature and decode the payload using the verify() function in the jsonwebtoken package. This function accepts three arguments:

  1. The token, which is the JWT string you want to verify.
  2. The secret, which is the same string used to sign the token.
  3. The options, which is an object containing additional options, such as the signature algorithm.

Here is an example:

const decoded = jwt.verify(token, secret);

In this example, the verify() function returns the decoded payload if the token is valid. If the token is not valid (for example, if the signature does not match or the token has expired), the function throws an error instead of returning a payload.

Conclusion

Working with JWTs in NodeJS is simple and straightforward thanks to the jsonwebtoken package. This package provides functions for creating and verifying JWTs, allowing you to implement secure authentication and authorization in your NodeJS applications.

It is important to remember that JWTs are only as secure as the secret used to sign them. So make sure you keep your secret safe and never expose it. Also, JWTs are encoded, not encrypted, which means that anyone who obtains the token will be able to decode the payload. Therefore, never put sensitive information in the payload of a JWT.

Now answer the exercise about the content:

What is the role of jsonwebtoken package in NodeJS?


The jsonwebtoken package provides functions to create and verify JSON Web Tokens (JWTs), allowing for secure authentication and authorization in NodeJS applications. By signing and verifying JWTs, this package helps ensure that information can be exchanged securely between parties, as JWTs can be digitally signed for authenticity using secrets or key pairs.
