JWT server
I built this project to better understand how authentication actually works. I had some ideas built over time on unrelated projects, but it mostly seemed like magic to me. This small demo helped me get my hands dirty with JWTs, password hashing and the whole flow of keeping users logged in securely. It’s not a fully functioning app, but it was what I needed to wrap my head around some initial concepts.
One of the biggest challenges for me was figuring out how to handle logout with JWTs. Since JWTs are stateless, I learned that you can’t just ‘delete’ a token when someone logs out, as it’s still valid until it expires. I ended up tracking invalid tokens in a dummy database in memory - which I’m aware undermines the purpose of stateless tokens! - but it helped me explore the trade-offs and challenges that come with authentication in general.
I also got to practice with input validation, password hashing using bcrypt, and setting up secure cookies with the right flags. The project threw up plenty of opportunities to identify and debug various issues, and each one taught me something new about how these pieces fit together. It also gave me the opportunity to work a little on the backend with Node and Express.
Most importantly, this project helped me to build the foundation I needed to build my first full application afterward. Even though I used Supabase Auth in that case, the underlying research here was invaluable in understanding and tracking down bugs.