{"componentChunkName":"component---src-templates-blog-post-js","path":"/Authentication and Authorization/","webpackCompilationHash":"fbb20c27e610daab547e","result":{"data":{"site":{"siteMetadata":{"title":"Articles","author":"Aman-Sharma"}},"markdownRemark":{"id":"752ebb80-93a2-54a0-9ab4-757fdba8bdff","excerpt":"If routes that provide resources and user data can be reached without authentication and authorization, sensitive information will be…","html":"<p>If routes that provide resources and user data can be reached without authentication and authorization, sensitive information will be compromised. That’s why we implemented the auth part to protect our application.</p>\n<p><u>Using JWT to make protected routes:</u></p>\n<p>JWT stands for JSON Web Token, and the jsonwebtoken package generates the token. When the client-side information reaches the server, it is verified against the MongoDB database, and then JWT comes into play to generate the token.</p>\n<p>Example:</p>\n<p>var token = auth.generateToken({userid: user._id})</p>\n<p>Here we generate the token using JWT. It takes a parameter that is used to generate the token. That parameter is either the user _id provided by MongoDB or the username.</p>\n<p>Now, using the JWT to protect our route:</p>\n<p>To protect a route, we just have to add that token-based authentication to it. Any request to the route first has\nto pass through the middleware, which verifies whether the user has a token. If the user has the token, they can access the route; otherwise not.\nExample:</p>\n<div class=\"gatsby-highlight\" data-language=\"js\"><pre class=\"language-js\"><code class=\"language-js\"><span class=\"token comment\">//protectedRoute</span>\nrouter<span class=\"token punctuation\">.</span><span class=\"token function\">get</span><span 
class=\"token punctuation\">(</span><span class=\"token string\">\"/users\"</span><span class=\"token punctuation\">,</span> auth<span class=\"token punctuation\">.</span>verifyToken<span class=\"token punctuation\">,</span> <span class=\"token punctuation\">(</span><span class=\"token parameter\">req<span class=\"token punctuation\">,</span> res</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">=></span> <span class=\"token punctuation\">{</span>\n  UserModel<span class=\"token punctuation\">.</span><span class=\"token function\">find</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">{</span><span class=\"token punctuation\">}</span><span class=\"token punctuation\">,</span> <span class=\"token punctuation\">(</span><span class=\"token parameter\">err<span class=\"token punctuation\">,</span> users</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">=></span> <span class=\"token punctuation\">{</span>\n    <span class=\"token comment\">// return on error so that only one response is sent</span>\n    <span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span>err<span class=\"token punctuation\">)</span> <span class=\"token keyword\">return</span> res<span class=\"token punctuation\">.</span><span class=\"token function\">json</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">{</span> Error<span class=\"token punctuation\">:</span> <span class=\"token string\">\"ErrorFounded\"</span> <span class=\"token punctuation\">}</span><span class=\"token punctuation\">)</span>\n    res<span class=\"token punctuation\">.</span><span class=\"token function\">json</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">{</span> users<span class=\"token punctuation\">:</span> users <span class=\"token punctuation\">}</span><span class=\"token punctuation\">)</span>\n  <span class=\"token punctuation\">}</span><span class=\"token punctuation\">)</span>\n<span class=\"token punctuation\">}</span><span class=\"token punctuation\">)</span></code></pre></div>\n<p>This way, we can protect 
any route using JWT authentication.</p>\n<p>Middleware that generates the token and verifies the token:</p>\n<div class=\"gatsby-highlight\" data-language=\"js\"><pre class=\"language-js\"><code class=\"language-js\"><span class=\"token comment\">//requiring the jsonwebtoken package</span>\n<span class=\"token keyword\">var</span> jwt <span class=\"token operator\">=</span> <span class=\"token function\">require</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"jsonwebtoken\"</span><span class=\"token punctuation\">)</span></code></pre></div>\n<div class=\"gatsby-highlight\" data-language=\"js\"><pre class=\"language-js\"><code class=\"language-js\"><span class=\"token comment\">//function that generates the token</span>\nmodule<span class=\"token punctuation\">.</span>exports<span class=\"token punctuation\">.</span><span class=\"token function-variable function\">generateToken</span> <span class=\"token operator\">=</span> <span class=\"token keyword\">function</span><span class=\"token punctuation\">(</span><span class=\"token parameter\">payload</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n  <span class=\"token comment\">// \"abcdef\" is a placeholder secret; in real code load a long random secret from configuration</span>\n  <span class=\"token keyword\">return</span> jwt<span class=\"token punctuation\">.</span><span class=\"token function\">sign</span><span class=\"token punctuation\">(</span>payload<span class=\"token punctuation\">,</span> <span class=\"token string\">\"abcdef\"</span><span class=\"token punctuation\">)</span>\n<span class=\"token punctuation\">}</span></code></pre></div>\n<div class=\"gatsby-highlight\" data-language=\"js\"><pre class=\"language-js\"><code class=\"language-js\"><span class=\"token comment\">//middleware that verifies the token</span>\nmodule<span class=\"token punctuation\">.</span>exports<span class=\"token punctuation\">.</span><span class=\"token function-variable function\">verifyToken</span> <span class=\"token operator\">=</span> <span class=\"token 
keyword\">function</span><span class=\"token punctuation\">(</span><span class=\"token parameter\">req<span class=\"token punctuation\">,</span> res<span class=\"token punctuation\">,</span> next</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n  <span class=\"token keyword\">var</span> token <span class=\"token operator\">=</span> req<span class=\"token punctuation\">.</span>headers<span class=\"token punctuation\">.</span>authorization <span class=\"token operator\">||</span> <span class=\"token string\">\"\"</span>\n  <span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span>token<span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n    jwt<span class=\"token punctuation\">.</span><span class=\"token function\">verify</span><span class=\"token punctuation\">(</span>token<span class=\"token punctuation\">,</span> <span class=\"token string\">\"abcdef\"</span><span class=\"token punctuation\">,</span> <span class=\"token punctuation\">(</span><span class=\"token parameter\">err<span class=\"token punctuation\">,</span> decoded</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">=></span> <span class=\"token punctuation\">{</span>\n      <span class=\"token comment\">// console.log(decoded)</span>\n      <span class=\"token comment\">// return on failure so next() never runs for an invalid token</span>\n      <span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span>err<span class=\"token punctuation\">)</span> <span class=\"token keyword\">return</span> res<span class=\"token punctuation\">.</span><span class=\"token function\">json</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">{</span> token<span class=\"token punctuation\">:</span> <span class=\"token string\">\"notVerify\"</span> <span class=\"token punctuation\">}</span><span class=\"token punctuation\">)</span>\n      <span class=\"token function\">next</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span>\n    <span class=\"token 
punctuation\">}</span><span class=\"token punctuation\">)</span>\n  <span class=\"token punctuation\">}</span> <span class=\"token keyword\">else</span> <span class=\"token punctuation\">{</span>\n    <span class=\"token keyword\">return</span> res<span class=\"token punctuation\">.</span><span class=\"token function\">json</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">{</span> token<span class=\"token punctuation\">:</span> <span class=\"token string\">\"notFound\"</span> <span class=\"token punctuation\">}</span><span class=\"token punctuation\">)</span>\n  <span class=\"token punctuation\">}</span>\n<span class=\"token punctuation\">}</span></code></pre></div>\n<p>Any request that comes to a particular route must pass through it.\nThat’s how the whole authentication and authorization flow works.</p>","frontmatter":{"title":"Authentication and Authorization","date":"December 10, 2019","description":" Explanations of Authentication and Authorization "}}},"pageContext":{"isCreatedByStatefulCreatePages":false,"slug":"/Authentication and Authorization/","previous":{"fields":{"slug":"/React-Redux /"},"frontmatter":{"title":"React Redux"}},"next":{"fields":{"slug":"/Flow Of Fullstack Application(MERN)/"},"frontmatter":{"title":"Fullstack Application Work Flow (MERN)"}}}}}