How to make a login/signup system with email and password or Google in Node.js
With email and password
Signup
- Take the user’s email and password and save them in our database.
Login
- Again take the email and password, but now validate them against the database.
- Now, if you don’t want the user to have to enter their email and password again, save a JWT.
What is a JWT
Think of it as saving the user’s information, like “email”, in some hashed way inside the client’s browser (in what is called a cookie), so any time the user enters our website we check this JWT and allow the user to be logged in.
In this, one more thing comes up called a refresh token, which I don’t think is so useful.
Note: you need to implement logout as well, because if you are logged in on someone else’s computer and we do the same step as above, this is a risk to the user’s information.
One more thing comes up here: people can enter any email and spam our service, so it’s better to implement email verification.
Email verification
When the user signs in, set is_verified_email:false and emailToken:"Some Random Unique token" in your database:
{email: "example@gmail.com", password: "some strong password", is_verified_email: false, emailToken: "some random unique token"}
As soon as the user signs in, send them a mail containing the exact same “emailToken”, like this: example.com/email-verify/emailToken
Now take this token and match it against the exact same token in your database; if you find such a user, update your database to is_verified_email:true and emailToken:null:
{email: "example@gmail.com", password: "some strong password", is_verified_email: true, emailToken: null}
Again, there is a chance of spamming here because so many fake email services are available; you get the point.
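The signup and verification steps above, as an added Node.js example (not the author's code). The in-memory users map, the function names, creating the token at signup, storing a scrypt hash in the password field instead of the password itself, and refusing login until the email is verified are all assumptions of this sketch.

```javascript
// Added example: in-memory sketch of the email-verification flow described above.
const crypto = require('node:crypto');

const users = new Map(); // assumption: stands in for the database, keyed by email

// Assumption: the password field holds "salt:scrypt-hash", never the password itself.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return `${salt.toString('hex')}:${crypto.scryptSync(password, salt, 32).toString('hex')}`;
}

function checkPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), 32);
  return crypto.timingSafeEqual(actual, Buffer.from(hashHex, 'hex'));
}

// Creates the unverified record and returns the link that would be mailed.
function signup(email, password) {
  if (users.has(email)) throw new Error('email already registered');
  const emailToken = crypto.randomBytes(32).toString('hex'); // unguessable, single use
  users.set(email, {
    email,
    password: hashPassword(password),
    is_verified_email: false,
    emailToken,
  });
  return `https://example.com/email-verify/${emailToken}`;
}

// Handler logic for /email-verify/:emailToken. Returns true only on a real match.
function verifyEmail(token) {
  // Reject empty or non-string input first: verified users have emailToken null,
  // so a lookup with a missing token must never match them.
  if (typeof token !== 'string' || token.length === 0) return false;
  for (const user of users.values()) {
    if (user.emailToken === token) {
      user.is_verified_email = true;
      user.emailToken = null; // the link cannot be replayed
      return true;
    }
  }
  return false;
}

function login(email, password) {
  const user = users.get(email);
  if (!user || !checkPassword(password, user.password)) return 'invalid credentials';
  return user.is_verified_email ? 'ok' : 'email not verified';
}
```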
Now your favorite, and developers’ favorite:
Social login (more specifically, Google)
Still learning this, to be continued. And yes, the code is there; I am working on that. This post is just for reference, to show that making simple login and signup things requires so many steps.