The hapi Node.js framework ships with a built-in validation mechanism for request input. You can seamlessly define a request’s validation rules on your route. Starting your hapi server with a misconfigured validation leads to assertion errors. In this tutorial, you’ll walk through the steps to fix the …

A JSON Web Key (JWK) is an important piece in the JWT universe because it represents a cryptographic key using a JSON data structure. Each JWK is represented by key-value pairs, like a typical JavaScript object but in JSON format. Additionally, the JSON Web Key Set is a JSON object …

When emptying an array in JavaScript/Node.js you’ll surely think of reassigning your array’s value to a new array. There’s another way to reset an array: set the length to zero. Let’s have a look at both ways. {{outline}} Assign an Empty Array A common …

All the previous tutorials in this series on JSON web tokens used a secret or private key in combination with a signing algorithm to create a token’s signature. But in contrast, the JWT specification also allows unsigned tokens. This supports use cases where a token’s content is secured …

You may know the touch command from your command line which creates an empty file if it doesn’t exist. This tutorial shows you how to implement touch in Node.js. You’ll implement a function that creates an empty file using Node.js. You’ll walk through an asynchronous …

JSON web tokens (JWT) are widely accepted on the Internet. You’ll find countless tutorials using JWT authentication. Most of them showing how to sign a JWT using an HMAC-based algorithm which is a quick way to get started. We both know that the copied code from a tutorial is …

With the release of Node.js v8, async functions became an integral component. Async functions provide a simpler API around promises by removing (most) of the callback-y code. The combination of async/await and promises is powerful, but you have to be careful not going too sequential. This tutorial shows …

All the previous JWT tutorials use a cryptographic signing to verify the token’s validity. Created tokens didn’t use any payload encryption. In case an attacker has access to a user’s JWT, they can seamlessly read the token payload. Verifying JWTs ensures that the requesting user sends a …