
JWT token creation in Express - Cheat Sheet & Quick Revision

Recall & Review
beginner
What does JWT stand for and what is its main purpose?
JWT stands for JSON Web Token. It is used to securely transmit information between parties as a JSON object, often for authentication.

beginner
Which npm package is commonly used in Express to create and verify JWT tokens?
The 'jsonwebtoken' package is commonly used to create and verify JWT tokens in Express applications.

beginner
What are the three parts of a JWT token?
A JWT token has three parts separated by dots: Header, Payload, and Signature.

intermediate
In Express, how do you create a JWT token with a payload containing a user ID and a secret key?
Use jsonwebtoken's sign method: jwt.sign({ userId: user.id }, 'your-secret-key', { expiresIn: '1h' })

beginner
Why should the secret key used to sign JWT tokens be kept safe?
Because anyone with the secret key can create valid tokens or decode sensitive information, risking security.
Which method from the 'jsonwebtoken' package creates a JWT token?
A. jwt.create()
B. jwt.verify()
C. jwt.sign()
D. jwt.decode()

What is the purpose of the 'expiresIn' option when creating a JWT token?
A. To encrypt the token
B. To verify the token
C. To add user roles
D. To set how long the token is valid

What does the payload of a JWT token usually contain?
A. The secret key
B. User data or claims
C. The token signature
D. The server IP address

Which part of the JWT token ensures it has not been tampered with?
A. Signature
B. Header
C. Payload
D. Issuer

In Express, where should you store the secret key used for JWT signing?
A. In environment variables
B. In the client-side code
C. In the public folder
D. Hardcoded in the source code
Explain how to create a JWT token in an Express app, including the key steps and important options.
Think about the function call and what information it needs.

Describe why JWT tokens are useful for authentication and what security practices should be followed.
Consider how tokens replace sessions and what risks exist.

Practice
1. What is the main purpose of creating a JWT token in an Express app?
easy
A. To connect to a database
B. To style the user interface
C. To handle file uploads
D. To securely store user information for authentication

Solution
Step 1: Understand JWT token role
JWT tokens are used to safely store user data for verifying identity.
Step 2: Identify correct purpose
Among the options, only storing user info for authentication matches JWT's role.
Final Answer: To securely store user information for authentication -> Option D
Quick Check: JWT purpose = Authentication [OK]
Hint: JWT tokens are for authentication, not UI or database [OK]
Common Mistakes:
• Confusing JWT with UI styling or database connection
• Thinking JWT handles file uploads

2. Which of the following is the correct syntax to create a JWT token using the jsonwebtoken package in Express?
easy
A. jwt.generate(payload, secretKey, { expiresIn: '1h' })
B. jwt.create(payload, secretKey, { expiresIn: '1h' })
C. jwt.sign(payload, secretKey, { expiresIn: '1h' })
D. jwt.make(payload, secretKey, { expiresIn: '1h' })

Solution
Step 1: Recall the jsonwebtoken method
The correct method to create a token is jwt.sign().
Step 2: Match syntax with options
Only jwt.sign(payload, secretKey, { expiresIn: '1h' }) uses jwt.sign() with payload, secretKey, and expiresIn correctly.
Final Answer: jwt.sign(payload, secretKey, { expiresIn: '1h' }) -> Option C
Quick Check: Token creation method = sign() [OK]
Hint: Remember: jsonwebtoken uses sign() to create tokens [OK]
Common Mistakes:
• Using incorrect method names like create or generate
• Omitting the expiresIn option or using wrong syntax

3. Given the code snippet:

const jwt = require('jsonwebtoken');
const token = jwt.sign({ userId: 123 }, 'secret', { expiresIn: '2h' });
console.log(typeof token);

What will be the output when this code runs?
medium
A. 'object'
B. 'string'
C. 'undefined'
D. 'number'

Solution
Step 1: Understand the jwt.sign output type
jwt.sign returns the JWT token as a string.
Step 2: Check typeof token
Using typeof on the token returns 'string'.
Final Answer: 'string' -> Option B
Quick Check: jwt.sign() output type = string [OK]
Hint: jwt.sign() returns a token string, not an object [OK]
Common Mistakes:
• Assuming the token is an object
• Expecting undefined or number type

4. Identify the error in this JWT token creation code:

const jwt = require('jsonwebtoken');
const token = jwt.sign({ id: 1 }, 12345, { expiresIn: '1h' });

medium
A. Secret key should be a string, not a number
B. Payload must be a string, not an object
C. expiresIn option is invalid
D. jwt.sign requires a callback function

Solution
Step 1: Check the secret key type
The secret key must be a string for signing the token securely.
Step 2: Identify the error in the code
The code uses 12345 (a number) as the secret key, which is incorrect.
Final Answer: Secret key should be a string, not a number -> Option A
Quick Check: Secret key type = string [OK]
Hint: Secret key must always be a string for jwt.sign() [OK]
Common Mistakes:
• Passing a number instead of a string as the secret key
• Thinking the payload must be a string
• Believing expiresIn is invalid
• Assuming a callback is mandatory

5. You want to create a JWT token that expires in 30 minutes and includes the user's email and role. Which code snippet correctly achieves this in Express?
hard
A. jwt.sign({ email: user.email, role: user.role }, 'mySecret', { expiresIn: '30m' })
B. jwt.sign({ email: user.email, role: user.role }, 'mySecret', { expiresAt: '30m' })
C. jwt.sign({ email: user.email, role: user.role }, 'mySecret', { expireIn: 1800 })
D. jwt.sign({ email: user.email, role: user.role }, 'mySecret', { expiresIn: 30 })

Solution
Step 1: Include the correct payload fields
The payload must include email and role from the user object.
Step 2: Use the correct expiresIn format
expiresIn accepts a string such as '30m' for 30 minutes; a bare number (no quotes) is interpreted as a count of seconds.
Step 3: Identify the correct option
Check each option: expiresAt is not a valid option key; expireIn is misspelled; expiresIn: 30 means only 30 seconds. Only jwt.sign({ email: user.email, role: user.role }, 'mySecret', { expiresIn: '30m' }) is correct.
Final Answer: jwt.sign({ email: user.email, role: user.role }, 'mySecret', { expiresIn: '30m' }) -> Option A
Quick Check: expiresIn '30m' string format = correct [OK]
Hint: Use expiresIn with a string like '30m' for minutes [OK]
Common Mistakes:
• Using expiresAt instead of expiresIn
• Using small numbers like 30 for expiresIn (30 seconds, not minutes)
• Confusing expireIn with expiresIn