Express.js
Authentication with JWT in Express.js
I shipped JWT auth with tokens that never expired, stored in localStorage, to production. This is the post-mortem. Covers JWT structure, why your token strategy probably has holes, access and refresh tokens done right, password hashing with bcrypt, and the storage debate that never ends.