JWT Authentication Flow

Test the complete JWT authentication flow with middleware

1. Register/Login
2. Get Token
3. Test Protected API

📝 Step 1: Register New User

🔐 Step 2: Login (Get JWT Token)

🛡️ Step 3: Test Protected Endpoint

Test the JWT middleware by calling a protected endpoint. The token will be sent in the Authorization header.

📖 How JWT Middleware Works

1. Token Generation: When you register or login, the server generates a JWT token containing your user information.

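2. Token Storage: The token is stored in your browser's localStorage, and the page's script adds it to the Authorization header of each API request. Any script running on the page can read localStorage, so a cross-site scripting flaw exposes the token.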

3. Middleware Verification: Protected routes use the authenticateToken middleware that:

  • Extracts the token from the Authorization: Bearer <token> header
  • Verifies the token signature and expiration
  • Attaches user information to req.user if valid
  • Returns 401/403 if the token is missing or invalid

4. Protected Routes: Routes using authenticateToken middleware can access req.user to get authenticated user data.
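
The verification steps in point 3, written out as an added example (not this demo's own server code). It assumes HS256 tokens, a constructed SECRET, hypothetical helpers signToken and verifyToken, and that 401 means no token was sent while 403 means the token failed a check.

```javascript
// Added example: stand-alone HS256 check using only Node's crypto module.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value; load from config in practice
const b64url = (v) => Buffer.from(v).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Hypothetical helper standing in for the server's token generation step.
function signToken(payload, ttlSeconds) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...payload, exp }));
  return `${head}.${body}.${mac(`${head}.${body}`).toString("base64url")}`;
}

// Returns the claims, or null if structure, algorithm, signature or expiry fail.
function verifyToken(token) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: never let the token header choose how it is verified.
    if (JSON.parse(Buffer.from(head, "base64url")).alg !== "HS256") return null;
    const expected = mac(`${head}.${body}`);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null; // constant-time compare
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000) return null;
    return claims;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Express-style middleware: 401 when no bearer token is sent, 403 when it fails checks.
function authenticateToken(req, res, next) {
  const match = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
  if (!match) return res.status(401).json({ error: "missing token" });
  const claims = verifyToken(match[1]);
  if (!claims) return res.status(403).json({ error: "invalid or expired token" });
  req.user = claims;
  next();
}
```

The signature is checked before the payload is parsed, so claims from a token that fails verification never reach req.user.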