The goal of this exercise is to build a client to work with a JWT server, not implement the JWT server itself (unless you really want to). We have provided a very simple implementation of a JWT server.
To get started be sure to follow the regular steps:
- fork and clone this repository.
- cd inside the folder.
yarnornpm installto download all the dependencies listed inpackage.json.mongodto start your MongoDB server.yarn startto start the API server.
The server provides the following endpoints:
- Takes a
usernameandpasswordin the request body, creates a user, saves the user to the DB and returns a JWT token.
- Requires
usernameandpasswordto be sent in the request body. If the user exists, and the password is correct the result should be a shiny JWT.
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJ5YW5Acnlhbi5jb20iLCJpYXQiOjE1MTYyOTQ1NzMsImV4cCI6MTUxNjI5ODE3M30.Uv4Sr-wNIRQx_P977NG6HGCktuDHsAdu3o_sjqRP71k"
}
- This will be the token you need to send up to
[GET] /api/users
- Requires a valid JWT token to be sent in the
Authorizationheader. No need to add the wordBearer, just the token. - An example could look like this:
headers: {
Authorization: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJ5YW5Acnlhbi5jb20iLCJpYXQiOjE1MTYyOTQ1NzMsImV4cCI6MTUxNjI5ODE3M30.Uv4Sr-wNIRQx_P977NG6HGCktuDHsAdu3o_sjqRP71k"
}
- If your token is valid, you'll get a list of the users stored in the database.
Build a React client to connect to the provided server.
- add client side routes and components for
signup,signinand showing a list ofusersstored in the database. - the
/signuproute should provide a form to gather username and password for the user and make a POST request to the/api/registerroute on the API. If the user is created successfully, take the returned token, save it to the browser's local storage and redirect the user to the/usersroute. - the
/signinroute should provide a form to gather username and password for the user and make a POST request to the/api/loginroute on the API. Upon successful login, persist the returned token to the browser's local storage and redirect the user to the/usersroute. - the
/usersroute should read the token from local storage and make a GET request to the/api/usersroute on the API attaching the token as the value of theAuthorizationheader. - provide a button to
sign outthat will remove the token from local storage. - add any extra functionality to make the application more user friendly like showing a message and redirecting to
/signinif an unauthenticated user tries to access the list of users.