-
Notifications
You must be signed in to change notification settings - Fork 0
Authentication
Kyle Coberly edited this page Nov 19, 2017
·
1 revision
Sessions store user information so that you don't need to look it up or reauthenticate every time
- You can store sessions in a data store on the server, and access them with a key stored in a cookie on the user's browser
- You can store sessions in JWTs, which are encrypted and decrypted by the server, and kept in local storage on the user's browser
Once you have a user's credentials, you need to make sure they are a valid user.
- Hashing, etc. happens here
- You can use their credentials to look them up in a database
- Local - Username/Password from a form, stored locally
- Basic - Username/Password from a header, stored locally
- OAuth/Social - User redirects to a third-party site, returns with an authorization key
- JWT - Encrypt/Decrypt a session that the app makes, but the user stores
- Generally have to get a client ID and client secret from them, and send OAuth requests to them with these
- You may also have to white-list callback URLs/patterns
- Your app sends a user to a route that fires off the OAuth redirect
- When the user's browser redirects to the third-party, it knows how to get back to the site because of the callback URL
- The callback URL should try to authenticate the user, redirect back to login in case of a failure, or redirect to a route in case of success