Learn how to let the right people in (and keep the wrong people out) with server-side Node.js code.
Overview
Syllabus
Introduction
- Real sites need authentication
- What you should know
- Loading the exercise files from GitHub
- Prepare your development environment
- Set up MongoDB
- Set up and understand the playground sample application
- Registering new users
- Why plaintext passwords are bad
- Hashing and validating passwords with bcrypt
- Implementing login and logout
- Deserializing the logged in user from the database
- Offer remember me
- Require user verification
- Resetting passwords
- Implementing the password reset flow
- Using Passport.js for authentication
- Implementing local authentication with Passport.js
- Securing routes
- Set up and understand the ToDo list sample application
- Authenticating API calls
- Creating and sending JWT tokens
- Implementing JWT authentication with passport
- Ensuring object level authorization
- Authentication, authorization, and single sign-on (SSO)
- The GitHub OAuth2 authorization (and authentication) flow
- Prepare Passport.js for GitHub OAuth2
- Extend the application for single sign-on
- Finalize and test the single sign-on flow
- Next steps
Taught by
Daniel Khan
