javascript – Where does JWT keep tokens?


I'm following the following tutorial to create an authentication system using Node.js and JWT:

Following the tutorial steps, I can verify that the user is correct and create the JWT. But apparently the token isn't being stored anywhere. When accessing the /test route, nothing is returned. Here's the code:

const express = require('express');
const jwt = require('jsonwebtoken');

const router = express.Router();

const Usuario = require('../models/Usuario');

router.get('/teste', (req, res) => {
  const token = req.body.token || req.query.token || req.headers['x-access-token'] || null;
  return res.json(token);
});'/login', (req, res) => {
  Usuario.findOne({ email:, senha: req.body.senha }, (err, usuario) => {
    if (err) return res.json({ error: err });
    if (!usuario) return res.json({ error: 'Email e/ou senha incorretos!' });

    jwt.sign(usuario, 'secret', { expiresIn: 3600 }, (err, token) => {
      if (err) return res.json({ error: err });
      return res.json({ message: 'Logado com sucesso!', token: token });

module.exports = router;


The token is not saved. In a request you will need to inform it, usually by headers , but it can be wherever you want.

The server will receive the token and will validate it with the private key . Thus, you have the validated token data.

Scroll to Top