Skip to content

a2rp/backend-refresh-token-auth-api

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

backend-refresh-token-auth-api

Backend authentication API using Access Token and Refresh Token flow with HttpOnly cookies.

Features

  • Register user
  • Login user
  • Access token (short-lived)
  • Refresh token (long-lived)
  • Refresh access token endpoint
  • Logout user
  • Protected route (get current user)
  • JWT authentication
  • HttpOnly cookies
  • MongoDB with Mongoose

Tech Stack

  • Node.js
  • Express.js
  • MongoDB
  • Mongoose
  • JWT
  • bcryptjs
  • cookie-parser

Environment Variables

Create a .env file:

PORT=1200
MONGO_URI=mongodb://127.0.0.1:27017/backend_refresh_token_auth
JWT_ACCESS_SECRET=access_secret_key
JWT_REFRESH_SECRET=refresh_secret_key
NODE_ENV=development

Install

npm install

Run

npm run dev

API Endpoints

Register

POST /api/auth/register

Login

POST /api/auth/login

Refresh Token

POST /api/auth/refresh-token

Get Current User (Protected)

GET /api/auth/me

Logout

POST /api/auth/logout

Notes

  • Uses access + refresh token strategy
  • Access token expires quickly (15 min)
  • Refresh token stored in DB
  • Cookies are HttpOnly for security
  • Use withCredentials: true in frontend

Follow Me

About

Secure backend authentication API implementing access token and refresh token flow with HttpOnly cookies using Node.js, Express, and MongoDB.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors