Almost every application we build uses some internal ‘secrets’. Examples of such secrets would be the private key with which JWTs are signed for authentication or an API key used to make an API call to another service. Typically, we store these secrets as environment variables. In most Node.js apps, we store the secrets in a .env file and use the dotenv npm package to retrieve them.

The Problem

Today, most applications are deployed to production using CI/CD tools. All we do is commit our changes to a git repository (most commonly GitHub) and then our CI/CD workflow kicks in and handles…


Image courtesy: https://zafulabs.com/2019/06/19/humans-can-code-too-idempotency/

Imagine this: you get back home from a long day at work, famished. So, you decide to order some food online and open your favorite food ordering app (let’s call it ‘Buggy’ 😉). You select your food from your favorite restaurant on Buggy and place an order by completing the payment, but then the app shows ‘Your order was not placed. Please retry’. Given your ravenous appetite at the moment, you’d probably hit that retry button, pay again and maybe have your order placed successfully this time. You navigate to the order history page and boom! You…


In the previous part, I discussed how to implement authentication using JWTs and refresh tokens with Node.js, Express, and MongoDB on the server side. You can read that post here. In this part, I shall discuss how to implement the same in a React application.

Client-Side

Let’s start by creating a new React app. Open a terminal and run the following command: create-react-app client. I’ll call my app ‘client’; you can call yours whatever you want. If you do not have create-react-app installed, you can install it using npm install -g create-react-app. …


Authentication using JWT (JSON Web Token) is very useful for developing cross-platform applications. The flow of the authentication process is:

  1. The user logs in using their credentials. On a successful login, the server issues an access token which is valid for a certain period of time (say 10 minutes).
  2. On every request to a protected resource, the token must be sent in a request header.
  3. When the token expires after the stipulated time (10 minutes in our case), the user is logged out of the system and needs to log in again.

The last step can be very…

Subhasis Das

CSE Undergrad. Developer, Memer, (Pro)crastinator.
