How can i verify user account using email for PRODUCTION in nodejs

How can i verify user account using email for PRODUCTION in nodejs.
I just need the guide how account verification is done in PRODUCTION

Node is just a runtime for JavaScript: it doesn’t know anything about user authentication, it just runs JavaScript. We need a lot more information, eg what is the thing you are trying to build, what are you trying to do with it, what have you tried, if you’re building a serverside web app are you using a framework and if so what is it, etc etc.

For testing locally you can use Nodemailer, in production I recommend Postmark. That’s for sending emails part.

For generating link you can use any hashing library and endpoint that will verify hash (email address)

1 Like

thanks…can I use jwt-encode from jwt-simple so that I don’t need to store it in server?

I know what is nodejs express.Problem is that how email verification is done in Production EXPRESS,MONGODB REST API

thanks…can I use jwt-encode from jwt-simple so that I don’t need to store it in server?

JWT has nothing to do with this, as you need email verification on sign up or, in more advanced scenario, when user tries to login from unknown device - in both cases client won’t have token stored. In case when token has been expired there’s no need for email verification, as presence of token by itself verifies user

Yes but issue is that we don’t know what’s in your head – you didn’t say it was an Express app, or what you were building, or what you’d already tried.

As @snigo has said, you need something set up for the emails, both for sending them (some external service) and for generating the link. Using JWTs is fine, but that doesn’t really apply to what you’re asked; to verify using email you need services in place for that.

1 Like

I might understood you incorrectly, using JWT for encoding/decoding is perfectly ok, especially if you use JWT anyway for authentication:

jwt.sign({
  // Make it valid for 1 hour
  exp: Math.floor(Date.now() / 1000) + (60 * 60),
  // Email address you want to verify
  data: user.email,
}, process.env.JWT_SECRET, (err, token) => {
  const url = `${process.env.BASE_URL}/verify_email/?uid=${user.id}&token=${token}`;
  emailService.send('email_verification', url);
});

Something like this I guess. Make sure you have strong secret and you don’t include any sensitive information in the token, as JWT has pretty recognizable look and it’s very easy to decode - it’s mostly about signature.

1 Like

Thank you @snigo. I solved it with your help.
I have another question in my head that is if a user failed to verify within the expire date.
How he will be next time verified.
Thanks in advance.

If you can’t decode/verify JWT it means JWT expired.

Use the uid in link to determine the user and respond the link expired, click to resend etc.