JWT Strategy

What is JWT Strategy?

JWT (JSON Web Token) Strategy is a way of verifying the identity of a user in a web application. It is a token-based method of authentication: after the user logs in, the server issues a token that carries claims about the user and is signed by the server. The client sends this token with every request, and the server verifies the token's signature before trusting those claims and processing the request.

How does JWT Strategy work?

  • The user logs in with their credentials.
  • The server checks the credentials and generates a token with a secret key.
  • The token is sent to the client as a response to the login request.
  • The client stores the token.
  • Every subsequent request sent by the client includes the token in the header.
  • The server receives the request and verifies the token's signature using the secret key.
  • If the signature is valid, the server processes the request.

A JWT consists of three parts separated by dots: a header, a payload, and a signature. The header names the algorithm used to sign the token, the payload carries claims about the user (for example the user ID), and the signature is computed over the header and payload with a secret key that only the server knows, so any change to either part invalidates the signature.

Implementing JWT Strategy in Node.js

Here's an example of how to implement JWT Strategy in Node.js using Passport.js:

const passport = require('passport');
const JwtStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const User = require('./models/user');

const opts = {};
// Read the token from the "Authorization: Bearer <token>" request header
opts.jwtFromRequest = ExtractJwt.fromAuthHeaderAsBearerToken();
// Secret used to verify the token's signature (load it from configuration, not source)
opts.secretOrKey = 'secret';

passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
    // The "sub" claim carries the user ID placed in the token at login
    User.findById(jwt_payload.sub, function(err, user) {
        if (err) {
            return done(err, false);
        }
        if (user) {
            return done(null, user);
        } else {
            return done(null, false);
        }
    });
}));

In this example, we are using the passport-jwt library to implement JWT Strategy. We define a new strategy with a secret key and the "ExtractJwt.fromAuthHeaderAsBearerToken" extractor, which reads the token from the request's Authorization header; passport-jwt verifies the signature before our callback runs. We then use the "User.findById" function to find the user in the database based on the user ID in the token's "sub" claim. If the user is found, we call the "done" function with the user object; if not, we call "done" with a false value, and a database error is passed to "done" as its first argument.


JWT Strategy is a powerful and secure way of authenticating users in web applications. It provides a simple and efficient way of verifying user identity without relying on sessions or cookies. By implementing JWT Strategy in your Node.js application, you can ensure that your users' data is kept safe and secure.
