Express framework, ~30 mins

JWT token verification middleware in Express - Mini Project: Build & Apply

JWT Token Verification Middleware in Express
📖 Scenario: You are building a simple Express server that needs to protect certain routes by verifying JWT tokens sent by clients. This helps ensure only users with valid tokens can access protected data.
🎯 Goal: Create a JWT verification middleware function in Express that checks the token from the request headers and allows or denies access accordingly.
📋 What You'll Learn
Create a variable called jwt that requires the jsonwebtoken package
Create a middleware function called verifyToken that reads the token from req.headers['authorization']
Check if the token exists and starts with 'Bearer '
Verify the token using jwt.verify with the secret key 'mysecretkey'
If verification passes, call next() to continue; otherwise, respond with status 401 and message 'Unauthorized'
Export the verifyToken middleware function
💡 Why This Matters
🌍 Real World
JWT token verification middleware is used in real web servers to protect routes and ensure only authenticated users can access certain resources.
💼 Career
Understanding how to implement middleware for JWT verification is a common requirement for backend developers working with Node.js and Express in secure web applications.
1
Set up the JWT package import
Create a variable called jwt that requires the jsonwebtoken package.
Need a hint?

Use require('jsonwebtoken') to import the JWT library.

2
Create the verifyToken middleware function
Create a middleware function called verifyToken that reads the token from req.headers['authorization'] and stores it in a variable called authHeader.
Need a hint?

Middleware functions take req, res, and next as parameters.

Read the token from req.headers['authorization'].

3
Check token presence and verify it
Inside verifyToken, check if authHeader exists and starts with 'Bearer '. Extract the token part after 'Bearer ' into a variable called token. Then verify the token using jwt.verify(token, 'mysecretkey', callback). If verification fails, respond with status 401 and message 'Unauthorized'. If it passes, call next().
Need a hint?

Check if authHeader exists and starts with 'Bearer '.

Use slice(7) to get the token part.

Use jwt.verify with a callback to handle success or failure.

4
Export the verifyToken middleware
Export the verifyToken middleware function using module.exports = verifyToken;.
Need a hint?

Use module.exports to export the middleware function.
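
The middleware from steps 2 to 4 assembled into one runnable file, as an added example that is not part of the original tutorial. So that it runs without installing packages, a hypothetical verifyHs256 helper built on Node's crypto module stands in for jwt.verify; signSample and tryRequest are constructed for the demo.

```javascript
const crypto = require('crypto');
const SECRET = 'mysecretkey'; // tutorial value; a real service loads this from configuration
const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Constructed helper: issues a sample HS256 token so the middleware has input.
function signSample(payload, secret) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(hmac(input, secret))}`;
}

// Hypothetical stand-in for jwt.verify(token, secret, callback), HS256 only.
function verifyHs256(token, secret, callback) {
  let payload;
  try {
    const [head, body, sig, ...rest] = token.split('.');
    if (!head || !body || !sig || rest.length) throw new Error('malformed token');
    if (JSON.parse(fromB64url(head)).alg !== 'HS256') throw new Error('unexpected alg');
    const expected = hmac(`${head}.${body}`, secret);
    const given = fromB64url(sig);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      throw new Error('bad signature');
    }
    payload = JSON.parse(fromB64url(body));
    if (typeof payload.exp === 'number' && payload.exp * 1000 <= Date.now()) throw new Error('expired');
  } catch (err) {
    return callback(err);
  }
  callback(null, payload);
}

// The middleware from steps 2-4, with verifyHs256 where the tutorial calls jwt.verify.
function verifyToken(req, res, next) {
  const authHeader = req.headers['authorization'];
  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    return res.status(401).send('Unauthorized');
  }
  const token = authHeader.slice(7);
  verifyHs256(token, SECRET, (err) => (err ? res.status(401).send('Unauthorized') : next()));
}

// Constructed harness: runs the middleware against a fake req/res and reports the outcome.
function tryRequest(headers) {
  let outcome = 'no response';
  const res = { status: (code) => ({ send: (msg) => { outcome = `${code} ${msg}`; } }) };
  verifyToken({ headers }, res, () => { outcome = 'next'; });
  return outcome;
}
```

With jsonwebtoken installed, the verifyHs256 call becomes jwt.verify(token, 'mysecretkey', callback) as in step 3; passing { algorithms: ['HS256'] } as the third argument before the callback pins the accepted algorithm the same way the stand-in does.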