
Node.js Essentials by Fabian Cook


Bearer tokens

Now that we have an authenticated user, we can generate a token to send with the rest of our requests rather than passing our username and password everywhere. This is commonly known as a Bearer token and, conveniently, there is a Passport strategy for this.

For our tokens, we will use JSON Web Tokens (JWT). JWT lets us encode a JSON object as a token and later decode and verify it. The data stored in a token is open and simple to read by anyone who holds it, so passwords shouldn't be stored in it; however, the format makes verifying a user very simple. We can also give these tokens expiry dates, which helps limit the impact of a token being exposed.

You can read more about JWT at http://jwt.io/.

We can install JWT using ...
