Secure Authentication distills everything I have learned about building resilient auth systems into a focused reference implementation. The project combines an Express API with a React client, showing how to ship authentication flows that remain secure and ergonomic for users.
Features
- HttpOnly cookie storage for access and refresh tokens so page scripts cannot read them, blocking XSS-driven token theft
- JWT strategy with refresh token rotation, device tracking, and blacklist handling
- Zod-powered validation and structured error handling for every auth endpoint
- Production-ready security middleware: rate limiting, helmet, CORS hardening, and CSRF protection
- React login, register, and password reset screens that consume the API and keep state with React Query
Extras
- Postman collection and walkthrough docs that explain each request/response cycle
- Extensive unit tests around token issuance, revocation, and guard middleware
- Docker Compose scripts to boot the database, API, and client locally in one command
Use this repo as a foundation when you need to spin up authentication quickly or as a learning resource for understanding modern JWT-cookie architectures.