Concept Flow - JWT token creation
Receive user data
Prepare payload
Use secret key
Call jwt.sign()
Generate token string
Send token to user
This flow shows how user data is turned into a JWT token using a secret key and the jwt.sign() function.
0
0
JWT token creation in Express - Step-by-Step Execution
Execution Sample
Express
const jwt = require('jsonwebtoken'); const payload = { id: 123, name: 'Alice' }; const secret = 'mysecretkey'; const token = jwt.sign(payload, secret); console.log(token);
This code creates a JWT token from user data and a secret key, then prints the token string.
Execution Table
| Step | Action | Input | Output | Notes |
|---|---|---|---|---|
| 1 | Prepare payload | { id: 123, name: 'Alice' } | Payload object ready | User data collected |
| 2 | Set secret key | 'mysecretkey' | Secret key string ready | Used to sign token |
| 3 | Call jwt.sign() | payload, secret | JWT token string generated | Token encodes payload and signature |
| 4 | Print token | token string | Token string output to console | Token looks like three base64 parts |
| 5 | End | N/A | Process complete | Token ready to send to user |
💡 Token creation completes after jwt.sign() returns the token string
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | Final |
|---|---|---|---|---|---|
| payload | undefined | { id: 123, name: 'Alice' } | { id: 123, name: 'Alice' } | { id: 123, name: 'Alice' } | { id: 123, name: 'Alice' } |
| secret | undefined | undefined | 'mysecretkey' | 'mysecretkey' | 'mysecretkey' |
| token | undefined | undefined | undefined | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... |
Key Moments - 3 Insights
Why do we need a secret key when creating a JWT token?
The secret key is used to sign the token so that the server can verify it later. Without it, anyone could create fake tokens. See step 2 and 3 in the execution_table.
What does the jwt.sign() function output?
It outputs a string token that contains encoded user data and a signature. This token is what we send to the user. See step 3 and 4 in the execution_table.
Is the payload data visible in the token?
Yes, the payload is encoded (not encrypted) inside the token, so anyone can decode it but cannot change it without the secret. See step 3 output.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the value of 'token' after step 3?
💡 Hint
Check the 'Output' column at step 3 in the execution_table.
At which step is the secret key set in the variable_tracker?
💡 Hint
Look at the 'secret' row in variable_tracker and see when it changes from undefined.
If we change the secret key, what will happen to the token?
💡 Hint
Think about how the secret key affects the signature in jwt.sign() at step 3.
Concept Snapshot
JWT token creation in Express: - Prepare a payload object with user data - Use a secret key string - Call jwt.sign(payload, secret) to create token - Token is a string encoding data + signature - Send token to user for authentication
Full Transcript
This visual trace shows how to create a JWT token in Express. First, user data is prepared as a payload object. Then a secret key string is set. The jwt.sign() function is called with the payload and secret, which returns a token string. This token contains encoded user data and a signature to verify authenticity. Finally, the token is printed or sent to the user. Variables like payload, secret, and token change step-by-step as shown. Key points include the importance of the secret key for signing and the token being a string output. This process is essential for secure user authentication in web apps.