MockAuth

An Application for mocking authentication process.
You can use this application as a backend for learning purposes.

Powered by Next.js and MongoDB

About the project

I created this application in order to help guys who are learning development. When I was learning frontend development I had some difficulties to practice authentication process since there are no public APIs for this stuff. So I hope this app will help you to get through that little difficulty that I have experienced.

With this app:

  • You can mock Signing up
  • You can mock Signing in
  • You can work with JWT
  • You can get some posts like you did with jsonplaceholder only if you are signed in!
  • You can get some private information only if you are admin user

Wanna try? Read the docs

Try it

Run this code here, in a console or from any site:


fetch('https://mockauth.vercel.com/api/posts/', 
    { method: 'GET', headers: { Authorization: 'Bearer <token>' }})
        .then((res) => res.json())
        .then((data) => console.log(data))

You can see that we have authorization here, we need token in order to send requests ang get desired response. To get this token you need to login to your account or register if you don't have one. See the following snippet for registration


fetch('https://mockauth.vercel.com/api/auth/register', 
    { 
        method: 'POST',
        body: JSON.stringify({username: 'john.doe', password: '*********', password2: '**********'})   
    })
        .then((res) => res.json())
        .then((data) => console.log(data))

It has its own validation and error messages. Once you send correct request body you will get accessToken and refreshToken. So you can use these tokens in further steps.

Here you can see how to use /login endpoint


fetch('https://mockauth.vercel.com/api/auth/login', 
    { 
        method: 'POST',
        body: JSON.stringify({username: 'john.doe', password: '*********'})   
    })
        .then((res) => res.json())
        .then((data) => console.log(data))

One thing you have to keep in mind. There is one endpoint /private. Which requires one thing additional to accesToken. It is isAdmin property which is after decoding token. It will be true or false. You can get those datas from private endpoint only if you are logged in as admin (that property will be true). And there is only one admin user, here are the credentials
username: adminuser
password: adminpassword

Your accessToken will expire in 3 days, so you need to refresh it via refreshToken. This token expires in 7 days. In order to refresh your access token you need to send POST to this endpoint /auth/refresh, and in the body you need to pass refreshToken. See the sample below:


fetch('https://mockauth.vercel.com/api/auth/refresh', 
    { 
        method: 'POST',
        body: JSON.stringify({refreshToken: '<token>'})   
    })
        .then((res) => res.json())
        .then((data) => console.log(data))

Note: If refreshToken is also expired, you need to log in again

Here are the sample responses from various endpoints
/private:


{
    "posts": [
        {
            "_id": "6381050c3255440503fa839d",
            "firstName": "Tabb",
            "lastName": "Swarbrigg",
            "dob": "31/01/1988",
            "address": "8 Knutson Lane",
            "phoneNumber": "379-558-9861",
            "bankAccount": {
                "bankName": "Greenholt-Watsica",
                "iban": "AZ60 QOOZ SBWZ D3TY SMSD HFXC 9GQW",
                "country": "Brazil",
                "_id": "6381050c3255440503fa839e"
            },
            "__v": 0
        },
        ...
    ]
}
/posts:

{
    "posts": [
        {
            "_id": "6380ea7639cd79f3d505ad2b",
            "title": "Post title 1",
            "body": "Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.",
            "__v": 0
        },
        ...
    ]
}
/posts/:_id:

You need to send _id property of the post in order to get single post as a response


{
    "posts": [
        {
            "_id": _id,
            "title": "Post title 1",
            "body": "Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.",
            "__v": 0
        },
        ...
    ]
}
/auth/login or /auth/register:

{
    "message": "Welcome",
    "accessToken": "<accessToken>",
    "refreshToken": "<refreshToken>"
}

/auth/refresh:

{
    "accessToken": "<accessToken>",
}