When should I generate a JWT Token?

Issue

I’m working on a multi-page app with ExpressJS and I was wondering if I should generate a JWT token when the user registers or when the user logs in.

I thought that generating the token on register would be good but then I saw some examples online generating the token on login.

So, when should I generate the token?

Solution

The JWT generation is required to be used later to identify the user in subsequent requests without re-login (provide user credentials).

On registration, you can save user data then generate token in the same request. If you only used login for that, that means after registration user needs to login and provide credentials to access protected endpoints.

I can’t see any difference between both in terms of security, so it’s dependent on project requirements/flow.

Answered By – Fadi Hania

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published