Praveen Kumar
Oct 25, 2019 ⋅ 12 min read

Creating a full-stack MERN app using JWT authentication: Part 4

Praveen Kumar Blogger, MVP, Web Developer, Computer Software and UX Architect.

Recent posts:

Using Rust And Axum To Build A Jwt Authentication Api

Using Rust and Axum to build a JWT authentication API

Learn to build a basic JWT authentication system with Rust and Axum, including setting up the routes, handlers, and the middleware system.

Eze Sunday
May 29, 2024 ⋅ 9 min read
Building A Customizable Dashboard With Dashy

Building a customizable dashboard with Dashy

Dashy helps us create beautiful, customizable, modern dashboard pages with web service links and widgets.

Shalitha Suranga
May 29, 2024 ⋅ 10 min read
Winterjs Vs Bun: Comparing Javascript Runtimes

WinterJS vs. Bun: Comparing JavaScript runtimes

WinterJS is theoretically the fastest WinterCG JavaScript runtime. Let’s compare WinterJS to Bun, another runtime known for its speed.

Emmanuel Odioko
May 28, 2024 ⋅ 6 min read
Understanding Cross Platform Graphics In Rust With Wgpu

Leverage Rust and wgpu for effective cross-platform graphics

Use Rust with wgpu to work directly with the new WebGPU standard for better control, cross-platform performance, and bug handling.

Mario Zupan
May 28, 2024 ⋅ 36 min read
View all posts

3 Replies to "Creating a full-stack MERN app using JWT authentication: Part 4"

  1. Storing the jwt acces token in browser’s localstorage opens a security issue in your web app. Instead, it is much better to send jwt in a httponly cookie. The authentication server sends the jwt in a cookie to the client. By doing this, the front end does not have to take care of jwt at all. The browse will send the cookie automatically to the site.
    Here is a good blog on this topic: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage.
    Transforming the jwt of cookie to authentication http header may be done by the target service or by infrastructure on its own e.g. by a proxy server of the service mesh.

  2. Hi Praveen. Great tutorial, really helped me get started with JWT.
    One question though.
    When the client connects to the page with JWT in local storage, shouldn’t we run a ValidateJWT to make sure nobody tampered with the web token?
    Maybe it’s on the tutorial, but I followed it once an my final front end did not include it. That may be because I already had a frontend tho, so I didn’t follow that part step-by-step.

    Anywyas, thank you!

Leave a Reply