DEV Community

Build a Login and Logout API using Express.js (Node.js)

Joshua M on March 15, 2023

Table of contents Introduction The Concept of Authentication and Authorization Authentication Authorization Setting up the devel...

Read full post

Maksym Sokolov • Dec 31 '23

Good article, thank you. But I found some bug in login logic. Need add await for this code, because isPasswordValid - always return Promise (true). Thanks again)

const isPasswordValid = await bcrypt.compare(
            `${req.body.password}`,
            user.password
        );

Joshua M • Jan 16 '24

Correct! Thanks for pointing out Maksym.
My hands are presently full. Will edit the article once I have a free time

Sharjeel Faiq • Apr 6 '24

I found that too. The guide is very useful and valuable. Please correct the mistake for the new learners. Thanks.

Sharjeel Faiq • Apr 16 '24 • Edited

If the command crypto.randomBytes(20).toString(‘hex’) does not generate a secret access token for you, then try the following one, i.e.

crypto.randomUUID(20).toString('hex')
'85ec4cea-2164-4ef7-ae91-b6d83208c3b9'

Sharjeel Faiq • Apr 6 '24

This is useful and amazing. Thanks a lot.

Gabriel Magevski • Feb 16

Thanks for the post, it helped me a lot!

Joshua M • Jul 23 '24 • Edited

Hi guys, I fixed the bug. Thank you all.
@trener_107 @mrmalik16

Amin Alhassan • Nov 20 '24

That a really good post, good for beginners and for a refresher on how to put things together building an auth system in express.

hithesh • Nov 30 '23

Thank you for the amazing content it really helped me

Eeshal Teluri • Jul 16 '24

Thank you very very much Josh, for taking your time and writing this post.

asciidude • Aug 10 '24

absolutely beautiful article 🙏 really helped with learning how JWTs work, thanks :D

Muhammad Umer Qazi • Oct 9 '24 • Edited

Is there anyone have problem to check the authentication when user login and then try to authenticate the user it give the error session has expired and i just login.
what would be the possible reason ?

Joshua M • Oct 10 '24

@muhammad_umerqazi can you check your request header to be sure you're sending a valid token. Also check your generate token logic

Muhammad Umer Qazi • Oct 14 '24

Yes, there was the issue import the token, Now its working. Thanks for highlighting the point

Hugo Seleiro • Nov 5 '24 • Edited

Hello, thanks for this post. It was a very interesting day doing this! I have some stuff to point out.

On authorization logic, in the verify function the import from the token is not correct, we must import only the SECRET_ACCESS_TOKEN and not config. SECRET_ACCESS_TOKEN.

On the creation of VerifyRole, in VerifyRole function the async is missing.

Thank you.