JSON Web Token authorization API
An example implementation of a JWT-based API for user registration and authorization. It covers:
- User registration;
- User login;
- Token generation and validation;
- Password reset (with a reset token);
- Password change (with JWT credentials);
- Account locking.
To do:
- Optional email notifications (depending on the environment);
- Keep the reset token encrypted (or hashed) and give it an expiry date;
- Unlock automatically after a freeze period;
- Registration confirmation (with a confirmation token).
Start the server with:
npm run start
or, if you have Sails installed globally, with the Sails CLI.
For security reasons, change JWT_SECRET in
A secret that ships in a public repository is effectively public: anyone who knows it can mint tokens that this API will accept, so generate a long random value per deployment and keep it out of version control.
Endpoints:
- /user/create
- /user/login
- /user/forgot
- /user/reset_password
To pass a JWT, send it in the Authorization header:
Authorization: Bearer <JWT Token>
API methods description
For several reasons I do not use REST conventions. Sails blueprint shortcut routes are also disabled by default.
Creates a new user. Password requirements: 6 to 24 characters, using letters and digits.
N.B. The account will be locked after 5 failed login attempts within 2 minutes (configurable in
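The lockout rule above is easy to get wrong (counting failures forever, or resetting the counter on every attempt). The following is an added example, not the project's code, of a sliding-window tracker that locks an account after 5 failures within 2 minutes and a login handler that checks the lock before touching credentials. The names (createLockoutTracker, attemptLogin), the in-memory storage and the plain-text password comparison are assumptions made for illustration; a real handler compares against a stored password hash. The lock is sticky because automatic unlock is still on the to-do list above.

```javascript
// Added example (not the project's code): sliding-window account lockout.
// Policy taken from the README: lock after 5 failed logins within 2 minutes.
const MAX_FAILS = 5;
const WINDOW_MS = 2 * 60 * 1000;

function createLockoutTracker({ maxFails = MAX_FAILS, windowMs = WINDOW_MS } = {}) {
  const failures = new Map(); // login -> timestamps (ms) of recent failures
  const locked = new Set();   // logins currently locked (no auto-unlock, see to-do list)

  // Record one failed attempt at time `now`; returns true if the account is now locked.
  function recordFailure(login, now = Date.now()) {
    // Keep only failures inside the window, then add this one.
    const recent = (failures.get(login) || []).filter(t => now - t < windowMs);
    recent.push(now);
    failures.set(login, recent);
    if (recent.length >= maxFails) locked.add(login);
    return locked.has(login);
  }
  // A successful login clears the failure history.
  function recordSuccess(login) { failures.delete(login); }
  function isLocked(login) { return locked.has(login); }
  // Manual unlock (an admin action in the assumed design).
  function unlock(login) { locked.delete(login); failures.delete(login); }
  return { recordFailure, recordSuccess, isLocked, unlock };
}

// Login handler shape: the lock is checked first, so a locked account is rejected
// even with the right password ('locked' maps to the 403 the README documents).
// `users` is a Map login -> { password }; plain text here only for the example.
function attemptLogin(tracker, users, login, password, now = Date.now()) {
  if (tracker.isLocked(login)) return 'locked';
  const user = users.get(login);
  // Unknown logins count as failures too, so probing does not bypass the limit.
  if (!user || user.password !== password) {
    tracker.recordFailure(login, now);
    return 'invalid';
  }
  tracker.recordSuccess(login);
  return 'ok';
}
```

Note the trade-off: anyone who knows a login can lock it out by sending five bad passwords, so production code usually pairs per-account locking with per-IP rate limiting and a notification to the account owner.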
Changes the user's password. The request must carry a valid JWT.
N.B. All previously issued tokens become invalid after a password change.
Initiates the password recovery procedure: a reset token is sent to the user.
Resets the password to a new one, given a valid reset token.
All endpoints use HTTP status codes to report the result:
- 200 OK: request executed successfully;
- 201 Created: new user created successfully;
- 400 Bad Request: usually means wrong parameters;
- 403 Forbidden: locked accounts;
- 500 Internal Server Error: something went wrong.
The project uses Travis CI and Coveralls integration and has some tests. Run them with:
npm run test
This project is based on this repo:
I refactored and improved it for myself.
Licensed under MIT.