How to Authorize User Roles and Permissions - Node.js & Express Authorization Tutorial

Learn how to implement user role-based authorization in a Node.js and Express application. Explore the differences between authentication and authorization, configure user roles, update the user data model, and integrate roles into the registration and authentication processes. Implement middleware to verify JSON Web Tokens (JWTs) with role information, create custom middleware for role-based access control, and apply it to specific routes. Test the newly implemented authorization system using Thunder Client, and gain insights into best practices for securing your REST API endpoints based on user permissions.

Intro
Welcome
Authentication vs Authorization
Configure the User Roles
Add roles to the user data model
Add a user role at registration
Add user roles to access token at authentication
Add user roles to access token when refreshed
Update the verifyJWT middleware to include roles
Create the verifyRoles middleware
Add the verifyRoles middleware to routes
Test routes with Thunder Client
A quick note on Thunder Client