Build Advanced MERN Auth: 2FA, Email Verification, Cookies, Sessions, and JWT with Node.js & Next.js

Learn to build a production-ready advanced authentication system using Node.js and Express. The system includes features like access tokens, refresh tokens, two-factor authentication, email verification, password reset, sending emails, managing sections, and structuring code for scalability.

Users can create an account and receive a confirmation link via email. Tokens are sent to the browser for device login tracking and session management. Two-factor authentication can be enabled for added security.

After logging in, users are prompted to verify two-factor authentication. Email verification and password reset functionalities are demonstrated.

Creation of a new directory and installation of necessary packages using npm. Configuration of TypeScript and installation of dependencies like cors, dotenv, dotenv-safe, express, jsonwebtoken, mongoose, passport, bcrypt, and others.

Updating the tsconfig.json file with project settings including specifying the source directory, output directory, excluding node_modules during compilation, and setting up compilerOptions.

Creating a database on MongoDB Atlas, obtaining connection credentials, configuring the database URL in the project, and connecting to the database from the application.

Implementation of error handling middleware to catch and handle errors in the application. Creation of custom error classes to represent different types of errors like bad request, unauthorized access, and internal server errors.

Creation of modules, routes, services, controllers, and validation for user registration. Setting up routes in the application and handling user input data like name, email, password, and user agent.

Creating schemas for validating user input data like email, password, and user agent. Reusing the schemas for different purposes such as registration and login.

Setting up user models and preferences including fields for email, password, two-factor authentication, and preferences like email notifications. Defining schema structures using Mongoose in MongoDB.

Managing user authentication by generating verification codes, creating sessions, and implementing token-based authentication. Working with JWT tokens, creating utility functions for token signing, and refreshing access tokens.

Implementing error handling by creating functions to handle different types of errors and respond accordingly. Setting up error instances and providing appropriate responses to errors in the API.

Setting the option type for JWT signing and displaying the available options.

Signing the JWT with default sign options and closing the token for use in the refresh token service.

Verifying the JWT token before usage and setting the token option.

Refreshing the JWT token with the refresh token and setting the expiration date.

Implementing email verification functionality and updating user details upon verification.

Setting up and sending a verification email to the user's email address for account confirmation.

Implementing the functionality to reset a user's password with email verification code for security.

Setting up access control by clearing the access and running a post request with a password reset and verification code.

Setting up protected routes using Passport JWT to handle session IDs and create a strategy for JWT authentication.

Implementing a logout API to clear user sessions and handling log out functionality in the controller and service.

Creating an API to retrieve user sessions, getting all sessions, and getting a single session using the service and controller.

Implementing an API to delete user sessions dynamically with controllers and services, including checking and handling session deletion.

Establishing the groundwork for 2FA with JWT, generating a secret key, creating a QR code, and setting up the MFA validator for verification.

Implementing an API to verify the 2FA code, enabling 2FA for users, and handling successful verification in the service.

The process of implementing user authentication in the backend by setting up endpoints for user login, MFA verification, password reset, and registration.

Setting up the frontend using Next.js, initializing Shanty, and setting up the project structure with routes for different authentication pages like sign up, password reset, and login forms.

Identified and resolved an error related to email matching during signup and sending. Ensured correct email usage for sending and signing in.

Implemented password reset functionality by creating a separate file for handling password reset. Updated reset page and form with necessary components for password recovery.

Implemented account confirmation functionality by creating a separate page and handling email verification. Verified user email upon account confirmation for security purposes.

Implemented a system to restrict access to certain routes based on user login status. Implemented middleware to handle protected routes and redirect users accordingly.

Set up a context provider in the application to manage user authentication data and access control. Created context for managing user authentication state and access permissions.

Implemented functionality to enable MFA using QR code scanning and one-time passwords. Verified MFA setup and added features for code verification.

Implemented the ability to revoke MFA access for users. Created functions to remove MFA settings and handle API calls for revoking access.

The chapter covers the implementation of Multi-Factor Authentication verification process for logging in. It includes setting up MFA data types, creating separate files for verification, handling email addresses, and testing the verification process.

This section focuses on session management within the application. It involves handling session data, displaying session information, managing sessions, and handling session deletion with user agents and expiration dates.

The chapter discusses the implementation of logging out functionality in the application. It covers setting up the log out dialog, handling the log out mutation function, changing themes, and testing the log out feature.

This chapter delves into token refresh and authorization processes in the application. It includes handling token expiration, updating tokens, intercepting unauthorized requests, and ensuring seamless authorization throughout the application.