Ionic 6 JWT authentication tutorial with Node & Express.js
Ionic 6 is the most recent release of Ionic. In this article, we'll learn how to create a signin and registration module for authenticating users using Ionic 6 and Angular 13. Among other things, we'll learn how to use Angular modules, services, forms (through the forms module), and HTTP (via the http client).
We'll see how to utilize the HttpClient
of Angular to send POST requests to a back-end authentication server built using Node and Express.js, as well as the BehaviorSubject
observable to observe the authentication status.
We'll look at how to utilize the Ionic Storage module to save JWT data supplied by our Express.js server, such as the access token and expiry date.
Before your proceed, you need to make sure you have Node.js and NPM installed on your development machine. You should be able to install them by downloading the binaries for your system from the official website.
Now, let's get started!
Setting up Ionic CLI 6
Our first step is installing the Ionic CLI 6. Open your terminal and run this command:
$ npm install -g ionic
This will install the ionic package globally on your system. If you get any permission errors simply use sudo
before your command. If you are in Windows, use a CMD prompt with administrator access.
Creating an Ionic 6 Project
Let's now proceed by creating an Ionic 6 project. Head back to your terminal and run the following command:
$ ionic start ionic-auth-demo blank --type=angular
We use the --type
to specify the type of the framework we want to use with Ionic. Starting with v4, Ionic is only a mobile UI library that can be used on top of Angular, Vue and React or simply plain JavaScript to build hybrid mobile apps or progressive web apps.
We use the blank
template for generating a project which comes with one page called home.
A couple of questions will be asked by the CLI such as if you want to install Cordova and if you want to Install the free Ionic Appflow SDK and connect your app?. Answer those questions as you prefer because this won't affect our next steps in this tutorial.
Wait for the dependencies to be installed then navigate in your project's root folder and serve your application using these commands:
$ cd ionic-auth-demo
$ ionic serve
You can access your mobile application using your web browser from the localhost:8100
address.
Creating an Angular Module
Modules are used to organize your application code. For the authentication feature in our application we'll create a module that encapsulates the service and pages that handle user authentication. In your terminal, run:
$ ionic generate module auth
The src/app/auth/auth.module.ts
file will be created with the basic code for a module:
import { NgModule } from '@angular/core';
import { CommonModule } from '@angular/common';
@NgModule({
declarations: [],
imports: [
CommonModule
]
})
export class AuthModule { }
Our auth
module only imports the CommonModule
which is a built in Angular module that exports all the basic Angular directives and pipes, such as [NgIf](https://angular.io/api/common/NgIf)
, [NgForOf](https://angular.io/api/common/NgForOf)
, [DecimalPipe](https://angular.io/api/common/DecimalPipe)
, and so on.
You need to import the auth
module in the root application module of our Ionic 6 application. Open the src/app/app.module.ts
file and import AuthModule
then add it to the imports
array:
import { AuthModule } from './auth/auth.module';
@NgModule({
declarations: [AppComponent],
entryComponents: [],
imports: [BrowserModule, IonicModule.forRoot(), AppRoutingModule,
AuthModule
],
providers: [
StatusBar,
SplashScreen,
{ provide: RouteReuseStrategy, useClass: IonicRouteStrategy }
],
bootstrap: [AppComponent]
})
export class AppModule {}
Let's import other modules that are necessary for our application such as HttpClient
for sending HTTP requests, FormsModule
for working with forms and Ionic Storage module for working with local storage in Ionic apps.
Importing HttpClient
HttpClient
is the official http client of Angular so we need to import it in our Ionic/Angular project. Open the src/app/auth/auth.module.ts
file and import HttpClientModule
:
import { NgModule } from '@angular/core';
import { CommonModule } from '@angular/common';
import { HttpClientModule } from '@angular/common/http';
@NgModule({
declarations: [],
imports: [
CommonModule,
HttpClientModule
]
})
export class AuthModule { }
That's all we need to import HttpClient
in our authentication module.
Setting up Forms
Angular provides powerful APIs for working with forms either through the template-based forms or reactive forms. In this tutorial, we'll use template-based forms so we need to import FormsModule
in our main application module. In the same src/app/auth/auth.module.ts
file:
import { NgModule } from '@angular/core';
import { CommonModule } from '@angular/common';
import { HttpClientModule } from '@angular/common/http';
import { FormsModule } from '@angular/forms';
@NgModule({
declarations: [],
imports: [
CommonModule,
HttpClientModule,
FormsModule
]
})
export class AuthModule { }
Setting up Ionic Storage Module
The Ionic team provides the Ionic Storage module that can be used to work with the browser's local storage in mobile devices but before we can use it in our application, we need to install it from npm and import it in our authentication module. Head back to your terminal and run the following command:
$ npm install --save @ionic/storage
As of this writing, ionic/storage v2.2.0
will be installed on your project.
Next, include IonicStorageModule.forRoot()
in the imports
array:
import { NgModule } from '@angular/core';
import { CommonModule } from '@angular/common';
import { HttpClientModule } from '@angular/common/http';
import { FormsModule } from '@angular/forms';
import { IonicStorageModule } from '@ionic/storage';
@NgModule({
declarations: [],
imports: [
CommonModule,
HttpClientModule,
FormsModule,
IonicStorageModule.forRoot()
]
})
export class AuthModule { }
Creating the Angular Authentication Service
After setting up the necessary modules for our project, let's now create an authentication service that encapsulates communication with the Express server via HttpClient
. In your terminal, run:
$ ionic generate interface auth/user
This will generate a user interface in the src/app/auth/user.ts
file. Open the file and update it accordingly:
export interface User {
id: number;
name: string;
email: string;
password: string;
}
Note: We prefixed the interface name by
auth/
to tell the CLI to generate it inside theauth
module.
Also, you need to generate an interface for the server response:
$ ionic generate interface auth/auth-response
Open the src/app/auth/auth-response.ts
file and update it accordingly:
export interface AuthResponse {
user: {
id: number,
name: string,
email: string,
access_token: string,
expires_in: number
}
}
This corresponds to the response that will be returned from the authentication server that we'll be creating in the next section with Node and Express.js.
Next, generate the service using:
$ ionic generate service auth/auth
Two src/app/auth/auth.service.ts
and src/app/auth/auth.service.spec.ts
(tests) files will be generated.
Note: We prefixed the service name by
auth/
to tell the CLI to generate it inside theauth
module.
Open the src/app/auth/auth.service.ts
file and update it by following these steps. First add the necessary imports:
import { Injectable } from '@angular/core';
import { HttpClient } from '@angular/common/http';
import { tap } from 'rxjs/operators';
import { Observable, BehaviorSubject } from 'rxjs';
import { Storage } from '@ionic/storage';
import { User } from './user';
import { AuthResponse } from './auth-response';
We import:
-
HttpClient
for sending POST request to the Express server that handles authentication, - The
tap()
operator for performing side effects when subscribing to the observables returned by theHttpClient
methods, - The
Storage
module for persisting the access token and expiration date in the local storage, - The
Observable
,BehaviorSubject
APIs for working with asynchronous operations, - The
User
andAuthResponse
interfaces.
This is the definition of BehaviorSubject
:
One of the variants of Subjects is the
BehaviorSubject
, which has a notion of "the current value". It stores the latest value emitted to its consumers, and whenever a new Observer subscribes, it will immediately receive the "current value" from theBehaviorSubject
.
Next, declare these variables in the service class:
AUTH_SERVER_ADDRESS: string = 'http://localhost:3000';
authSubject = new BehaviorSubject(false);
The AUTH_SERVER_ADDRESS
holds the address of the Express authentication server and authSubject
is a type of Observable that will be used to subscribe to the authentication state.
Next, inject HttpClient
and Storage
services via the service's constructor:
constructor(private httpClient: HttpClient, private storage: Storage) { }
Sending a POST Request with HttpClient
for Registering Users
Next, add the register()
method that will be used for registering users in the Express server:
register(user: User): Observable<AuthResponse> {
return this.httpClient.post<AuthResponse>(`${this.AUTH_SERVER_ADDRESS}/register`, user).pipe(
tap(async (res: AuthResponse ) => {
if (res.user) {
await this.storage.set("ACCESS_TOKEN", res.user.access_token);
await this.storage.set("EXPIRES_IN", res.user.expires_in);
this.authSubject.next(true);
}
})
);
}
We simply use the post()
method to send a POST request to the /register
endpoint exposed by our authentication server that will be running from the localhost:3000/
address. We'll be creating the server with Node and Express.js in the next section.
We use the pipe()
function to chain multiple operators. In our case we want to perform a side effect for storing JWT information (the access token and expiration date) in the local storage so we use the tap()
operator that's available from RxJS.
In the tap()
operator we check if the response has a user object and we set persist the access token and expiration date with the ACCESS_TOKEN
and EXPIRES_IN
keys. Next, we emit a true value to our authSubject
using the next()
method.
Sending a POST Request with HttpClient
for Authenticating Users
Next, add the login()
method that will be used for authenticating users:
login(user: User): Observable<AuthResponse> {
return this.httpClient.post(`${this.AUTH_SERVER_ADDRESS}/login`, user).pipe(
tap(async (res: AuthResponse) => {
if (res.user) {
await this.storage.set("ACCESS_TOKEN", res.user.access_token);
await this.storage.set("EXPIRES_IN", res.user.expires_in);
this.authSubject.next(true);
}
})
);
}
We send a POST request with HttpClient
to the /login
endpoint of our Express.js server that handles JWT authentication. Next, we perform a side effect using the pipe()
method and tap()
operator available from RxJS for persist the JWT access token and expiration date returned from the server.
Logging out Users
Next, add the logout()
method that will be used for removing JWT authentication information from the local storage:
async logout() {
await this.storage.remove("ACCESS_TOKEN");
await this.storage.remove("EXPIRES_IN");
this.authSubject.next(false);
}
We also emit a false
value in the BehaviorSubject
representing the authentication state.
Getting the Authentication State
Finally add the isLoggedIn()
method that will be used for checking id the user is logged in or not:
isLoggedIn() {
return this.authSubject.asObservable();
}
We simply return authSubject
variable casted to an Observable using the asObservable()
method. You can check if the user is logged in by subscribing to call of this method.
Creating Ionic Pages
Now that we've created the service for authenticating users. Let's create the user interface with Ionic 6 UI components.
Check out this second tutorial: Ionic 6 Tutorial: Build a Login & Register UI.
Creating and Running an Express.js Authentication Server
Let's create a authentication server that exposes two /register
and /login
endpoints using Node.js and Express.js and a bunch of other modules.
First, create a folder for the server code:
$ mkdir express-auth-demo
Navigate in the folder and create a package.json
file:
$ npm init -y
Next, install the following dependencies:
$ npm install --save express body-parser sqlite3 bcryptjs jsonwebtoken cors
Next, create an index.js
file and add the following code:
"use strict";
const express = require('express');
const bodyParser = require('body-parser');
const cors = require('cors')
const sqlite3 = require('sqlite3').verbose();
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const SECRET_KEY = "secretkey23456";
const app = express();
const router = express.Router();
app.use(cors())
router.use(bodyParser.urlencoded({ extended: false }));
router.use(bodyParser.json());
const database = new sqlite3.Database("./my.db");
const createUsersTable = () => {
const sqlQuery = `
CREATE TABLE IF NOT EXISTS users (
id integer PRIMARY KEY,
name text,
email text UNIQUE,
password text)`;
return database.run(sqlQuery);
}
const findUserByEmail = (email, cb) => {
return database.get(`SELECT * FROM users WHERE email = ?`,[email], (err, row) => {
cb(err, row)
});
}
const createUser = (user, cb) => {
return database.run('INSERT INTO users (name, email, password) VALUES (?,?,?)',user, (err) => {
cb(err)
});
}
createUsersTable();
router.get('/', (req, res) => {
res.status(200).send('This is an authentication server');
});
router.post('/register', (req, res) => {
const name = req.body.name;
const email = req.body.email;
console.log(req.body);
const password = bcrypt.hashSync(req.body.password);
createUser([name, email, password], (err)=>{
if(err) return res.status(500).send("Server error!");
findUserByEmail(email, (err, user)=>{
if (err) return res.status(500).send('Server error!');
const expiresIn = 24 * 60 * 60;
const accessToken = jwt.sign({ id: user.id }, SECRET_KEY, {
expiresIn: expiresIn
});
res.status(200).send({ "user": user, "access_token": accessToken, "expires_in": expiresIn
});
});
});
});
router.post('/login', (req, res) => {
const email = req.body.email;
const password = req.body.password;
findUserByEmail(email, (err, user)=>{
if (err) return res.status(500).send('Server error!');
if (!user) return res.status(404).send('User not found!');
const result = bcrypt.compareSync(password, user.password);
if(!result) return res.status(401).send('Password not valid!');
const expiresIn = 24 * 60 * 60;
const accessToken = jwt.sign({ id: user.id }, SECRET_KEY, {
expiresIn: expiresIn
});
res.status(200).send({ "user": user, "access_token": accessToken, "expires_in": expiresIn});
});
});
app.use(router);
const port = process.env.PORT || 3000;
const server = app.listen(port, () => {
console.log('Server listening at http://localhost:' + port);
});
For more details about this code, check out Node Express JWT Authentication — jsonwebtoken and bcryptjs.
Next, add a start
script in package.json
:
"scripts": {
"start": "node index.js"
},
You can now, run your authentication server using:
$ npm start
Your server will be running from http://localhost:3000
.
You can use cURL to send POST requests to the authentication endpoints before creating the Ionic 6 UI. First run this command in a new terminal to register a user:
curl -H "Content-Type: application/json" -d '{"email":"[email protected]","name":"test", "password":"test"}' http://localhost:3000/register
Next, run this command to login the user:
curl -H "Content-Type: application/json" -d '{"email":"[email protected]", "password":"test"}' http://localhost:3000/login
Conclusion
In this tutorial, we've learned how to implement JWT authentication with Ionic 6, Angular 13 on the front-end and Node and Express.js in the back-end. We've seen how to send POST requests using HttpClient
and how to persist values on the local storage using the Ionic Storage module.
-
Date: