#authorization

Implement JWT auth securely. Flow: 1. User login with credentials. 2. Server validates and creates JWT. 3. Client stores JWT (httpOnly cookie or memory). 4. Include JWT in Authorization header. 5. Server verifies signature and claims. 6. Refresh tokens for long sessions. 7. Token expiration and renewal. 8. Logout (blacklist or short expiry). Use RS256 for production. Don't store in localStorage. Implement CSRF protection.

Integrate social login with OAuth 2.0. Flow: 1. Redirect to provider (Google, Facebook, GitHub). 2. User authorizes application. 3. Provider redirects with authorization code. 4. Exchange code for access token. 5. Fetch user profile. 6. Create or update user in database. 7. Issue JWT to client. 8. Handle errors and edge cases. Use libraries like passport.js. Implement state parameter for CSRF. Store tokens securely.