A secure, production-level authentication system built with the MERN stack. It includes full JWT-based authentication with refresh tokens, email verification, Google OAuth2 login, and role-based access control (Admin/User).
- JWT Access + Refresh Tokens
- Email Verification on Registration
- Refresh Token Rotation
- Password Reset via Email (Link or OTP)
- Secure Cookies (httpOnly, SameSite, Secure)
- Role-Based Access Control (RBAC)
- Google Login via OAuth2
- Optional 2FA (via email or authenticator app)
- Security: Helmet, CORS, Rate Limiting, XSS Protection
| Layer | Tech |
|---|---|
| Frontend | React, Tailwind CSS, Axios, Formik, Joi |
| Backend | Node.js, Express.js, MongoDB, Mongoose |
| Auth | JWT, bcrypt, Google OAuth, Passport.js, Nodemailer, SendGrid |
| Security | Helmet, cors, express-rate-limit, xss-clean, mongo-sanitize |
We use SendGrid for transactional emails (signup confirmation, password reset, notifications).

```bash
# Clone the repository
git clone https://github.com/manukumar7/mern-auth-system.git
# Move into the project directory
cd mern-auth-system
# Install dependencies
npm install
# Start the backend (keep it running in its own terminal)
cd server
npm run dev
# Start the frontend from a second terminal; client/ is a sibling of server/, not inside it
cd ../client
npm run dev
```
Contributions are welcome! Feel free to fork the repo and submit a pull request.
Built with ❤️ by Manu Kumar Pal