JWT Authentication
Stateless authentication using JSON Web Tokens with cookie-based sessions, middleware protection, and API token verification.
What's Included
- JWT session creation and verification using the jose library
- Secure httpOnly cookie management for session tokens
- Session refresh and destruction helpers
- Edge-compatible JWT middleware for route protection
- Bearer token authentication for API routes
- Login flow with credential validation and token issuance
Usage
Via CLI
Via AI Assistant
Ask your AI assistant:
- "Use the JWT authentication pattern from Bootspring"
- "Apply the Bootspring JWT pattern to my project"
Key Considerations
- Use strong secrets of at least 32 randomly generated characters
- Set short expiration times and implement refresh token rotation for longer sessions
- Always use httpOnly cookies to prevent XSS access to tokens
- Enable the secure flag so tokens are only sent over HTTPS in production
- Handle expired and invalid tokens gracefully with proper redirects
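The considerations above, worked through as an added example that is not Bootspring's own code: it signs and verifies HS256 tokens with Node's built-in `node:crypto` instead of jose so that it runs without dependencies. The function names, the `reason` strings, the 900-second lifetime and the cookie name `session` are assumptions of this example.

```javascript
// Added example, not Bootspring code. Uses node:crypto in place of jose so it runs offline.
// The conditional load works whether the file runs as CommonJS or as an ES module.
const { createHmac, timingSafeEqual } =
  typeof require === "function" ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const parsePart = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const hmac = (secret, data) => createHmac("sha256", secret).update(data).digest();

function requireStrongSecret(secret) {
  if (typeof secret !== "string" || secret.length < 32) throw new Error("JWT secret too short");
}

// Issue a short-lived token; `now` is injectable (seconds since epoch) for testing.
function createSession(claims, secret, ttlSeconds = 900, now = Math.floor(Date.now() / 1000)) {
  requireStrongSecret(secret);
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Never throws on bad input: returns a reason the caller can map to a redirect or a 401.
function verifySession(token, secret, now = Math.floor(Date.now() / 1000)) {
  requireStrongSecret(secret); // misconfiguration should fail loudly, unlike a bad token
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm; the token's own header must not choose how it is verified.
    if (parsePart(head).alg !== "HS256") return { ok: false, reason: "bad-alg" };
    const expected = hmac(secret, `${head}.${body}`);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
      return { ok: false, reason: "bad-signature" };
    }
    const claims = parsePart(body);
    if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
    return { ok: true, claims };
  } catch {
    return { ok: false, reason: "malformed" };
  }
}

// Set-Cookie value; the cookie name "session" is an assumption of this example.
function sessionCookie(token, ttlSeconds = 900, production = true) {
  const attrs = [`session=${token}`, "HttpOnly", "Path=/", `Max-Age=${ttlSeconds}`];
  if (production) attrs.push("Secure"); // HTTPS-only in production
  return attrs.join("; ");
}
```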
Related Patterns
- Session Management - Advanced session handling
- NextAuth.js - NextAuth.js with JWT strategy
- MFA - Multi-factor authentication