Building Authentication with passport.js Chapter 6
Since the JWT strategy is a part of passport.js, we will need to initialize that as well. We
also need to add some configuration for the JWT options, which are used to extract the data
from the token's payload and to verify the token's signature when a request is made to the
server. The token is signed when it is issued; its payload is encoded rather than encrypted.
The secret key is something that you can configure. It is the key used to sign your app's
tokens, so ensure that it is not easily guessable.
Also, we have added an endpoint that accepts a POST request
at localhost:8081/users/login and takes the user's email and password. This method
does the following:
- Checks whether the user with the given email exists. If it does not exist, it sends a
  status code of 404, stating that the user does not exist in our app.
- Compares the provided password with our user's password in the app. If there is
  no match, it sends an error response stating that passwords do not match.
- If everything goes fine, it signs the user's payload with the JWT signature,
  generates a token, and responds with that token.
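The signing step in the last item, and the role the secret key plays in it, can be seen in the following added example. It is not code from the book or from passport.js: it builds and checks an HS256 token with Node's built-in crypto module, and the function names, the secret and the sample user are constructed for illustration.

```javascript
// Added example (not from the book): HS256 JWT signing and verification
// with Node's built-in crypto. All names and sample values are constructed.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url').toString('utf8');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Sign a payload: header.payload.signature, each part base64url-encoded.
function signToken(payload, secret, ttlSeconds = 3600) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret).toString('base64url')}`;
}

// Anyone holding the token can read the payload: it is encoded, not encrypted.
function readPayloadUnverified(token) {
  return JSON.parse(fromB64url(token.split('.')[1]));
}

// Verify before trusting: returns the payload, or null on any failure.
function verifyToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  try {
    // Pin the algorithm instead of trusting whatever the header claims.
    if (JSON.parse(fromB64url(header)).alg !== 'HS256') return null;
    const expected = hmac(`${header}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(fromB64url(body));
    const now = Math.floor(Date.now() / 1000);
    if (typeof payload.exp !== 'number' || payload.exp <= now) return null;
    return payload;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed sample: a random 256-bit secret and a minimal user payload.
const SECRET = crypto.randomBytes(32).toString('hex');
const token = signToken({ id: 42, email: 'user@example.com' }, SECRET);
```

Because the payload can be read without the key, it should carry only identifiers such as the user's id and email, never the password or its hash.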
Now, let's test this endpoint in Postman. You should be able to see the token returned in the
response, as follows: