In this article, you'll learn how to implement stateless authentication in Deno using JSON Web Tokens. As we all know, JSON Web Tokens can only be invalidated when they expire, so we'll include a persistent storage like Redis to serve as an extra layer of security.
- Run the Deno JWT Authentication API Locally
- JWT Authentication Flow
- Flaws of Stateless JWT Authentication
- JWT Invalidation/Revocation
- Resource Access Denial
- Stale Data
- JWT can be Hijacked
- Suggested Solution of JWT Loopholes
- Store Revoked JWTs in a Database
- Store JWT Metadata in a Persistence Layer
- Setup the Deno Project
- Setup Redis and MongoDB with Docker
- Connect to Redis and MongoDB Servers
- Connect to Redis Server
- Connect to MongoDB Server
- Create the Database Model
- Generate the Private and Public Keys
- Generate the Crypto Keys
- Convert the String Keys to Crypto Keys
- Sign and Verify the JSON Web Tokens
- Sign the JWT
- Verify the JWT
- Create the Authentication Route Handlers
- SignUp User Controller
- Login User Controller
- Refresh Access Token Controller
- Logout User Controller
- Get me Controller
- Create an Auth Middleware Guard
- Create the API Routes
- Register the API Router
- Test the JWT Authentication API
- SignUp User
- SignIn User
- Get Profile Information
- Refresh Access Token
- Logout User
Read the entire article here: https://codevoweb.com/deno-jwt-access-and-refresh-tokens-authentication/