# Authentication
The process of verifying who someone is

# Authorization
The process of verifying what resources a user has access to

## User Roles and Permissions
- provide different levels of access
- sent in access token payload
- verified with middleware

#### CORS
`cors` is a Node.js package used as middleware in Express.js to enable CORS (Cross-Origin Resource Sharing). CORS is a security feature that allows or restricts requests to a web server based on where the request originated from. This is particularly important in modern web applications where you might have a frontend or backend hosted on different domains or ports.

What is CORS?
<br>
CORS is a mechanism that allows many resources (e.g., fonts, JavaScript, etc.) on a web page to be requested from another domain from which the resource originated. In the absence of CORS, web browsers restrict web applications from making requests to a different domain than the one that served the web application, a policy known as the same-origin policy.

Using `cors` Middleware in an Express.js Application
<br>
##### install cors
```
sudo npm i cors
```
##### Using `cors` in an Express.js Application
Basic Usage: To use the `cors` middleware in your Express application, you can simply require and use it. This will enable CORS for all routes in your application
```
const express = require('express');
const cors = require('cors');

const app = express();

// Use CORS with default settings
app.use(cors());

app.get('/', (req, res) => {
    res.send('Hello, World!');
});

app.listen(3000, () => {
    console.log('Server running on http://localhost:3500');
});
```
In this example, the `app.use(cors())` line enables CORS for all routes in your Express applicaiton with the default settings, which is usually sufficient for basic use cases.

##### Configuring `cors`
Configuring CORS: The `cors` package can be configured to allow different option like specific origins, methods, headers, etc. 
- Specific Origin: To allow requests from a specific domain:
```
app.use(cors({ origin: 'http://example.com' }));
```
- Multiple Origins: To allow requests from a list of domains:
```
const allowedOrigins =['https://example.com', 'https://anotherdomain.com`];
app.use(cors(cors({
    origin: (origin, callback) => {
        if (!origin || allowedOrigins.indexOf(origin) !== -1) {
            callback(null, true);
        } else {
            callback(new Error('Not allowed by CORS'));
        }
    }
}));
```
- Complex Requests with Credentials: If you need to handle complex CORS requests (like those with credentials), you can configure `cors` further:
```
app.use(cors({
    origin: 'https://example.com',
    credentials: true
}));
```

Or to enable CORS only for a single route:
```
app.get('/my-route', cors(), (req, res) => {
    // ...
});
```

##### Why Use CORS?
- Security and Flexibility: CORS is a security feature that allows you to control which external resources can be used in your web applicaiton. By configuring CORS, you can make your web application more secure while still allowing necessary resources from other domains.
- API Accessibility: If you are developing an API that will be accessed from different domains, CORS is essential to ensure that client-side applications from other domains can interact with your API.

CORS is essential for security in web applications. It prevents malicious websites from accessing sensitive data from other sites. However, when you're building APIs that are intended to be accessed from different domains (like in the case of public APIs or when your frontend and backend are hosted saperately), you need to enable and configure CORS to allow these cross-origin requests.

### How to Safely Store a Password
Use bcrypt

#### Wny not MD5, SHA1, SHA2, SHA3, etc?
These are all general purpose hahs functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbush for storing passwords.

A modern server can calculate the MD5 hash of a about 330MB every second. If your users have passwods which are lowercase, alphanumericic, and 6 characters long, you can try every single possible password of that size in around 40 seconds.

If you're willing to spend about 2000USD and a week or 2 piucking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700million passwords a second. And that rate you'll be cracking those passwords at the rate of more than 1 per second.

#### Salts will not help you
It's important to note that salts are useless for preventing dictionary attacks or brute force attacks. You can use huge salts of many salts or hand-harvested, shade-grown, organic Humalayan pink salt. It doesn't affect how fast an attack can try a candidate password, given the hash and the salt from oyour database.

Salt or no, if you're using a general-purpose hash function designed for speed you're well and truly effed.

#### bcrypt Solves These Problems
How? Basically, it's slow as hell. It uses a varient of the Blowfish encryption algorithm's key schedulting, and introduces a work factor, which allows you to determine how expensive the hash funciton will be. Because this, bcrypt can keep up with Moore's law. As computers get faster you can increase the work factor and the hash will get slower.

How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password `yaaa` in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond.

So we're talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I'd be cracking them ever 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security.

bcrypt is an adaptive password hashing algorithm which uses the Blowfish key schedule, not a symmetric encryption algorithm. bcrypt has salts built-in to prevent rainbow table attacks.

### Blowfish
Blowfish is a symmetric-key block cipher algorithm designed in 1993 by Bruce Schneier. It has been widely used of encrypting data and is known for its efficiency and security. Blowfish is a part of many software products and can be used for securing data, providing privacy and ensuring cryptographic security in a variety of applications.

#### Key Characteristics of Blowfish
1. Symmetric Key: Blowfish is a symmetric cipher, meaning the same key is used for both encryption and decryption. This requires secure key management practices, as the key needs to be shared between the sender and receiver
2. Block Cipher: It encrypts data in block sizes of 64 bits. This means it takes 64 bits of plaintext as input nad outputs 64 bits of ciphertext. For data that doesn't fit into a 64-bit block, certain modes of operation are used to handle this, such as Cipher Block Chaining (CBC) or Electronic Codebook (ECB)
3. Variable Key Length: Blowfish allows for a wide range of key lengths (from 32 bits up to 448 bits), providing flexibility in terms of the trade-off between speed and security
4. Structure: The algorithm is structured as a Feistel network, a common design for block ciphers, with 16 rounds of processing. Each round consists of key-dependent permutations and substitution steps
5. S-Boxes: Blowfish uses 4 key-dependent 256-entry S-boxes, which are tables used to perform substitution in the encryption and decryption processes. These S-boxes are initialized using the secret key, making them key-dependent.

#### Uses of Blowfish
- File Encryption: Due to its speed and effectiveness, Blowfish has been popular for encrypting files and data at rest
- Secure Communication: Blowfish can be used for securing data transmission, althrough other algoritms like AES are more prevalent in this area now
- Embedded Systems and Software Applications: Its efficiency and simplicity make it suitable for embedded systems and software applications where processing power is limited.

#### Advantages
- Speed: Blowfish is known for its high speed in software implementations
- Security: As of now, there are no effective cryptanalysis attacks against the full 16-round version of Blowfish, making it a secure choice
- Simplicity: The algorithm's simplicity allows for easy implementation and understanding

#### Disadvantages
- Block Size: The 64-bit block size is relatively small by modern standards, which can be a limitation in certain applications, particularly for encrypting large amounts of data where issues like block collision become more probable
- Superseded by Newer Algorithms: Newer algorithms like AES (Advanced Encryption Standard) have become more standard, especially since AES has been rigorously tested and endored by organizations like NIST (National Institute of Standards and Technologies).

In summary, while Blowfish is a robust and efficient encryption algrithm, it has seen a decline in usage in favor of newer algorithms with larger block sizes and more extensive standardization and testing, like AES. However, it remains a part of the cryptographic toolkit and is respected for its performance and simplicity.

### Digest
In the context of computing and cryptography, a "digest" refers to the fixed-size string of characters that is the output of a hash function. When you hash some data, such as a file, a password, or any arbitrary input, the result is often called a hash digest, or simply a digest.

#### Key Points About Digests
1. Fixed Length: A digest has a fixed size, determined by the hash funciton used. For example, an MD5 digest is 128 bits long, and a SHA-256 digest is 256 bits long.
2. Unique Representation: The digest is a unique representation of the input data. Ideally, even a small change in the input will result in an significantly different digest
3. One-Way Transformation: The process of generating a digest in a one-way function, it's computationally infeasible to reverse the process and retrieve the original input from the digest
4. Used for Comparison: Digests are often used to verify the integrity of data. By comparing the digest of received data with a previously calculated digest, one can determine of the data has been altered.

#### Examples of Use
- File Verification: When downloading a file, a website might list the file's digest (e.g., an SHA-256 digest). After downloading, you can hash the file and compare the digest to ensure the file was not corrupted and tampered with during transmission.
-  Password Storage: When a password is stored, it is hashed, and the digest is saved. When authentication is required, the provided password is hashed, and the resulting digest is compared with the stored digest.
-  Digital Signatures: In digital signatures, a digest of the message is encrypted with a private key. The receiver can decrypt the digest and compare it with a hash of the message to verify both the integrity of the message and the authenicity of the snder.

#### Cryptographic Hash Functions
Digests are typically the result of cryptographic hash functions like SHA-256, SHA-3, or others. These functions are designed to secure in the sense that they:
- Are collision-resistant (it's hard to find two different inputs that produced the same digest).
- Make it infeasible to regenerate the original inpuyt from the digrest (pre-image resistance)
- Ensure that any chance to the input alters the digest significantly (avalanche effect).

In summary, a digest as a crucial element in various cryptographic and data integrity applications, providing a reliable and secure way to represent data.

#### Salting
Salting is a technique used in cryptography, particularly in the context of hashing passwords, to enhance security. When you hash passwords (or any data), there's a risk that someone could use precomputed tables of hash values (called rainbow tables) to reverse engineer the original password. Salting is designed to counteract this threat.

###### What is a Salt?
A salt is a random string that you add to the password before hashing it. The primary purposes of a salt is:

1. Uniqueness: Each password should have a unique salt. This means that even if 2 users have the same password, their salted and hashed passwords will be different.
2. Complexity: Addng a salt increases the complexity of the password, making it more difficult for attackers to use methods like rainbow table attacks or brute- force to reverse-engineer the hash.

##### Rainbow Table
A rainbow table is a precomputed table used for reversing cryptographic hash functions, primarily for cracking password hashes. It's an optimization technique that trades off processing time against memory usage, a classic space-time tradeoff in computing.

###### How Rainbow Tables Work
1. Precomputation: A rainbow table is created by applying a hash function to many possible plaintext inputs (like passwords) and storing the results. This process is computationally expensive and time-consuming but only needs to be done once.
2. Structure: Unlike simple lookup tables where each possible plaintext is mapped to its hash, rainbow tables used a more complex structure involving a chain of hashes and reductions. Reduction functions convert hash values back into a form of plaintext, which can be hashed again. This allows the table to store a much larger range of hashes in a smaller amount of space.
3. Usage: When an attacker obtains a hash they want to crack, they use the rainbow table to look for corresponding plaintext values. The table is used to track back through the chain of hashes and reductions to find a plaintext that produces the target hash.

###### Why Rainbow Tables are Effective
- Efficiency: For certain types of hash functions, especially those without added complexity like salting, rainbow tables can quickly find the plaintext for a given hash.
- Reusability: Once generated, the same rainbow table can be used repeatedly to crack hashes of the same type.

###### Limitations and Countermeasures
- Salting: If a hash function uses a unique salt for each input, it vastly increases increases the number of possible hashes, making rainbow table impractical. The salt effectively means that for each possible plaintext, there would be a separate entry in the table for each possible salt value.
- Memory Space: Rainbow tables can be very large and their effectiveness is limited by the amount of memory available. They are not practical for hash functions that produce very long hashes
- Advance Hashing Techniques: Modern hashing algorithms and practices like using bcrypt with a work factory, are designed to mitigate the effectiveness of rainbow tables

Rainbow tables were a significant threat to password security, particularly with simpler hashing algorithms and unsalted hashes. However, with modern practices like salting and the use of more complex hashing funcitons, their effectiveness has been greatly reduced. In current security practices, using strong, unique salts and robust hashing algorithms is key to defending against rainbow table attacks.

###### How Salting Works
Here's a basic outline of the salting process:
1. Generate a Salt: When a suer sets or changes their password, generate a new, random salt. This salt can be generated using secure random number generators provided by most programming languages or cryptographic libraries.
2. Combine the Salt and Password: Append or prepend the salt to the actual password.
3. Hash the Combined String: Use a cryptographic hash function to hash the combined salt and password.
4. Store the Salt and Hash: Store both the hash and the salt in the user's record in your database. You'll need the salt later when verifying passwords.

###### Verifying Passwords with a Salt
When a user tries to log in:
1. Retrieve the salt and he hash from the user's database record
2. Combine the provided password with the retrieved salt
3. Hash this combination
4. Compare this hash with the stored hash. If they match, the password is correct.

###### Example
Here's an example (without actual hashing for illustration purposes):
- Password: "myPassword"
- Generated Salt: "abc123"
- Salted Password: "myPasswordabc123" or "abc123myPassword"
- Hashed Salted Password: Apply a hash function to "myPasswordabc123" and store the result.

###### Benefits of Salting
- Prevents Rainbow Table Attacks: Since each password has a unique salt, pre-computed rainbow tables become ineffective
- Adds Uniqueness: Salting ensures that even identical passwords will have different hashes, protecting user privacy and security

Salting, especially when combined with a robust hashing algorithm and practices like using a sufficient number of iterations (work factor), is a critical component of securely storing passwords and sensitive data

#### bcrypt
`bcrypt` is a popular password hashing library to help you securely store user passwords. By hashing passwords, you ensure that the actual passwords are not stored in your database, which adds a layer of security against unauthorized access, data breaches, or even accidental exposure.

##### Key Features of `bcrypt`
1. Secure Hashing: `bcrypt ` uses a salt to protect against rainbow table attacks and implements adaptive hash functions, which can be make slower over time to counteract increasing hardware speeds
2. Salting: Automatically generates and applies a salt. Salting is crucial for preventing the same passwords from resulting in the same hash and for guarding against precomputed hash attacks.
3. Work Factor/Slowness: The algorithm is intentionally slow to resist brute-force attacks. You can configure the "slowness" by adjusting the number of rounds of hashing.

##### Using `bycrypt` in Node.js
First, install `bycrypt` with npm:
```
npm i bcrypt
```
Then, you can use it in your Node.js application:

Hashing a Password
```
const bcrypt = require('bcrypt');
const saltRounds = 10; // Adjust the cost factor as needed

async function hashPassword(password) {
    try {
        const hash = await bycrypt.hash(password, saltRounds);
        return hash;
    } catch (error) {
        console.error(error);
    }
}
```

Comparing a Password with a Hash
```
async function comparePassword(password, hash) {
    try {
        const match = await bcrypt.compare(password, hash);
        if (match) {
            // Passwords match
        } else {
            // Passwords don't match
        }
    } catch (error) {
        console.error(error);
    }
}
```
###### Points to Consider
- Security: While `bcrypt` is a robust way to handle password hashing, it's essential to keep the rest of your application secure. Ensure you use HTTPS, secure your endpoints, and follow best practices for web security.
- Performance: Because `bcrypt` is intentionally slow, be cautious with the number of salt rounds you choose. More rounds mean more security but also more processing time.
- Up-to-date Practices: Security practice evolve, so it's vital to stay updatedd on the latest recommendations in cryptographic practices and update your implementation as needed

`bcrypt` is widely regarded as one of the best practices fro password hashing in modern web applications due it its effectiveness in twarting brute-force attacks and its ease of use.


## Hash Function
A hash function maps arbitrary-length strings to a fixed-length(l-bit) strings

$$
h: \{0, 1\}^*  \rightarrow \{0, 1\}^\ell
$$

a cryptographic hash function is a pseudo random hash function.

An idea pseudo random hash function is called a random oracle

# JSON Web Tokens
JWT are an open standard (RFC 7519) used to securely transmit information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed by using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA. Here are some key aspects of JWTs:

1. Compact and Self-contained: JWTS are compact and self-contained, making them suitable for scenarios where bandwith is a consideration, such as HTTP Authorization headers and URL parameters.
2. Structure of a JWT: A JWT typically consists of 3 parts, a header, a payload, and a signature. There are encoded as Base64Url strings and are separated by dots.
- - Header: The header typically consists of 2 parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA,
- - Payload: The second part of the token is the payload, which contains the claims, Claims are statements about and entry (typically, tue user) and additional metadata. There are 3 types of claims: registered, public, and private claims.
- - Signature: To create the signature part, you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header and sign that
3. Usage: JWTs are often used for:
- - Authentication: After a user logs in, every subequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token
- - Information Exchange: JWTs are a good way of securely transmitting information between parties because you can be sure of sender's identity and thatt he content hasn't been tampered with.
4. Security Considerations: While JWTs are a robust way to handle authentication and secure information exchange, it's curcial to ensure they are implemented correctly to avoid common sucurity issues, sucha as not validating the token properly or using weak keys.

JWT Tokens
- confirm authentication
- allow access to API endpoints
- endpoints provide data resources
- use authorization header

## Access and Refresh Tokens
In the context of JWTs, access tokens and refresh tokens serve distinct purposes in managing user authentication and authorization. 

Access Token:
- Issued at Authentication
- Client uses for API access untill expiration
- verified with middleware
- New token issued at refresh request

Refresh Token
- Issued at Authentication
- Client use to request new Access Token
- Verified with endpoint and database
- Must be allowed to expire or logout

### Access Tokens
1. Purpose: Access tokens are used to grant access to resources and services. They are typically short-lived and provide the bearer of the token the right to access a resource (like an API)
2. Expiration :They usually have a short expiration time (e.eg., minutes to hours) for security reasons. Once expired, they cannot be used and a new token must be obtained
3. Usage: Access tokens are sent in HTTP headers to URL parameters to access protected resources. They should be securely and not exposed to potential vulnerabilities like cross-site scripting attacks
4. Security: Since they are short-lived, the risk associated with them is relatively low. However, if an access token is compromised, it can be used to access the resources it grants permission to until it expires

Sent as JSON stored in memory, do not store in local storage or cookies

### Refresh Tokens
1. Purpose: Refresh tokens are used to obtain new access tokens. They are not used to access resources directly but to ensure continusous access without requiring the user to log in again
2. Expiration: Refresh token usually have a longer life than access tokens. They can last from days to months, depending on the implementation
3. Usage: When the access token expires, the refresh token is sent to a token endpoint to obtain a new access token. This process keeps the user authenticated and avoids the need for repeated logins.
4. Security: Since refresh tokens can allow prolonged access, they must be stored securely, often on the server side. If a refresh token is compromised, it can be used to continuously gain access tokens, posing a significant security risk

Sent as httpOnly cookie, not accessable via JavaScript, must have expiry at some point

Implementation Considerations
- Separation of duties: It is a good practice to use both tokens in tadnem. The access token does the heavy lifting interms of aaccess contorl, while the refresh token remains relatively dormant, only being used when a new access token is needed.
- Storage and Transmission: Access tokens, being used frequently, are typically stored on the client side. Refresh tokens, due to their ssensitivity, are often stored more securely, sometimes on the server side or in a secure environment on the client side.
- Revocation Mechanism: Implement a mechanism to revode refresh tokens when necessary, such as when a user logs out or in case of supected token compromise.

Using both types of tokens provides a balance between user experience (by minimizing frequent logins) and security (by limiting the lifespan of access tokens).

## npm jsonwebtoken
https://www.npmjs.com/package/jsonwebtoken

The `jsonwebtoken` package in npm is a popular library used in Node.js applications for implementing JSON Web Tokens (JWT). Here's an overview of how it's used and some of its features

Key Features
1. Token Creation: Easily create JWTs and various options for algorithms and expiration times
2. Token Verification: Verify the authenticity and integrity of tokens received from clients or other sources
3. Synchronous and Asynchronous Operations: Supports both synchronous and asynchronous methods for creating and verifying tokens
4. Custom Claims: Allows the inclusion of custom claims in the payload of the JWT
5. Multiple Signing Algorithms: Supports various signing algorithms like HS256(HMAC using SHA-256), RS256(RSA Signature with SHA-256), and more

### Usage
```
jwt.sign(payload, secretOrPrivateKey, [options, callback])
```
- Asynchronous: if a callback is supplied, the callback is called with the `err` on the JWT
- Synchronous: Retuens the JWT as string
- `payload`: could be an object literal, buffer, or string represinting valid JSON
- `secretOrPrivateKey` is a string utf-8 encoded, buffer, object, or KeyObject containing either the secret for HMAC algorithms or the PEM encoded private key for RSA and ECDSA.

`options`
- algorithm
- expiresIn
- notBefore
- audience
- issuer
- jwtid
- subject
- noTimestamp
- header
- keyid


Basic Usage
1. Installation: To install `jsonwebtoken`
```
npm install jsonwebtoken
```
2. Creating a Token
```
const jwt = require('jsonwebtoken');

const token = jwt.sign({ foo: 'bar' }, 'your-secret-key');
```
This will create a JWT with the payload `{ foo: 'bar' }` and sign it with the secret key `'your-secret-key'`

3. Verifying a Token
```
jwt.verify(token, 'your-secret-key', (err, decoded) => {
    if (err) {
        // handle token verification error
    } else {
        // use decoded payload
    }
});
```
This will verify the token using the same secret key. If the token is valid, `decoded` will contain the payload

Security Considerations
- Secret Key Management: The secret key used for sigining tokens should be kept secure and not hardcoded in your source code
- Handling Sensitive Data: Be cautious and the information you include in the JWT payload, as it can be decoded easily
- Token Expiration: Set an appropriate expiration time for tokens to migrate the risk of token misuse
- Error Handling: Implement proper error handling for token creation and verification process

To install

```
npm i dotenv jsonwebtoken cookie-parser
```

In [1]:
require('crypto').randomBytes(64).toString('hex')

'39d2fa568f8feba7aab9e74368b70325344b2d3de85e39322b31ccee3a3f9e30921029e12c599b6eeae94ec7b164f9cb810f17a3322f199dcba5486ab19d6381'

Use this as access and refresh token secret

# OAuth 2.0
OAuth 2.0 is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on oher websites, but without giving them the passwords. It provides specific authorization flows for web applications, desktop applications, mobile phone, and living room devices.

### Key Components
1. Resource Owner: The user who authorizes an application to access their account. The application's access to the users' information is limited to the "scope" of the authorization granted (e.g., read or write access)
2. Client: The application that wants to access the user's account. Before it may do so, the client must be authorized by the user, and the authorization must be validated by the API.
3. Resource Server: The server hosting the protected resources. This is the API you want to access
4. Authorization Server: The server that presents the interface where the user approves or denies the request for application access. In some cases, the authorization server is the same server as the resource server

### Authorization Flows
OAuth 2.0 provides several "flows" (or "grant types") for different kinds of applications:

1. Authorization Code: Used by server-side applications where the source code is not exposed to the public. It's the most common OAuth 2.0 flow
2. Implicit: Designed for clients implmented in a browser using a scripting language such as JavaScript. It was previously recommended for browser-based applications but has largely been supplimented by the Authorization Code with PKCE flow
3. Resource Owner Password Credentials: Credentials of the resource owner (username and password) are used directly as an authorization grant. Typically, only trusted clients can use this flow
4. Client Credentials: Used when the client is requesting access to protected resources under its control
5. Authorization Code with PKCE (Proof Key for Code Exchange): An enhancement to the Authorization Code flow to prevent certain attack scenarios, particularly useful for mobile and native applications

### Security Considerations
- OAuth 2.0 provides robust mechanisms for securing access to resources, but it must be implemented correctly to prevent common vulnerabilites
- The standard does not specify how to authenticate users, so it's often used in conjuntion to OpenID Connect for this purpose
- Always use HTTPS to prevent inteception of sensitive data like access tokens

### Use Cases
- Single Sign-On (SSO): Allowing users to log in to multiple services with one set of credentials
- Third-party Access: Enabling applications to access a user's data in another service (like accessing Google Calender data from a third-party scheduler app)

OAuth 2.0 has become the industry-standard protocol for authorization, offereing a secure and efficient way for users to grant applications access to theri data with exposing their credentials.

## PKCE flow
PKCE (Proof Key for Code Exchange) is an extension to the OAuth 2.0 authorization code flow to enhance security, particularly in environments where the confidentiality of the client cannot be maintained, such as with mobile apps, or single-page web applications. It was introduced to migrate the threat of having the authorization code intercepted

### How PKCE Works
1. Code Verifier & Code Challenge Creation: Before making the authorization request, the client (usually a mobile or web application) generates a random string called the "code verifier". Then, it crreates a "code challenge" from this string using a method like SHA256
2. Authorization Request: The client initiates the authorization flow by directing the user's browser ot the authorization endpoint. the client includes the code challenge in this request
3. User Authorization: The user authorizes the client application, typically by logging into the service that controls the resource and consenting to grant access to the client.
4. Authorization Code Issuance: Upon successful authorization, the authorization server isssues an authroization code to the client
5. Token Request: The client then requests a token from the token endpoint using the authorization code and the code verifier. this additional step is where PKCE adds its seucrity enhancement
6. Code Verifier Validation: The authorization server validates the code verifier against the previously received code challenge. If the validation is successful, it ensures that the same client making the token request received the authorization code
7. Token Response: If the validation is successful, the authorization server responds with an access token

Advantages of PKCE
- Mitigates Authorization Code Interception: PKCE prevents an attacker from exchanging the stolen authorization code for an access token, as they would not have the corresponding coder verifier
- Suitable for Public Clients: It is especially useful for clients that cannot securely store a client secret, such as mobile and single-page web applications
- Enhanced Security: Provides an additional layer of security over the standard authorization code flow

- PKCE is now considered a best practice for OAuth 2.0 authroization code flow, particularly for applications that run on devices where the client secrets cannot be securely stored.

## OAuth Tokens
As mentioned above, at the end of the flow, the client receives an Access Token. Generally, these Access Tokens are short-lived; so, what happens when it expires?

### Short-lived access tokens and long-lived refresh tokens
The Authorization Server can generate 2 tokens, an access token and a refresh token. The access token is short-lived, it should only last from several hours to a couple of weeks

When the access token expires, the application can use the refresh token to obtain a new access token. This prevents having to ask the user to re-authenticate

### Access Token
With a short-lived access token, we can use a JWT Token to make a self-encoded access token.

JSON Web Tokens (JWT) is a signed JSON object. Means you can trust the data contained in the JSON object by verifying the signature. For authorizating a user, you can include the users's ID and email in the JWT.

When you give the JWT Access Token in the Resource Server (your backend API server), your server can validate the JWT Tokens without needing to access the database to check of its valid.

All your server needs to do is to validate that the JWT Token is valid using a library, see the user ID of the user making the request from the token, and trust that this user ID is already authenticated.

### Refresh Token
A refresh token is a special token that is used to obtain a new Access Token. Since this is long-lived, refresh tokens are generally opaque strings stored in the database. Storing refresh tokens in the database allows you to revoke them be deleting it from the database.

Because there is no way to expire an Access Token, we should make the access token short-lived. Revoking the refresh token prevents malicious parties from refreshing an expired Access Token. This means that if your Access Token expires in 1 hour, then an attacker who obtained your Access Token can only access your API for 1 hour before it expires. 

## Where should I store my tokens in the front-end?
There are 2 common ways to store your tokens: In `localStorage` or cookies. There are alot of debate on which one is better and most people lean toward cookies for being more secure.

### Local Storage
Pros: It's convenient
- It's pure JavaScript and it's convenient. If you don't have a back-end and you're relying on a thrid-party API, you can't always ask them to set a specific cookie for your site
- Works with APIs that require you to put your access token in the header like this: `Authorization Bearer ${access_tokens}`

Cons: It's vulnerable to XSS attacks<br>
An XSS attack happens when an attacker can run JavaScript on your website. This means that the attacker can just take the access token that you stored in your `localStorage`.

An XSS attack can happen from a thrid-party JavaScript code included in your website, like React, Vue, jQuery, Google Analytics ,etc. It's almost impossible not to include in any third-party libraries in your site.

### Cookies
Pros: The cookie is not accessible via JavaScript; hence, it is not as vulnerable to XSS attacks as `localStorage`
- If you're using `httpOnly` and `secure` cookies, that means your cookies cannot be accessed using JavaScript. This means, even if an attacker can run JS in your site, they can't read your access token from the cookie.
- It's automatically sent in every HTTP requst to your server

Cons: Depending on your use case, you might not be able to store your tokens in the cookies
- Cookies have a size limit of 4KB. Therefore, if your're using a big JWT Token, storing in the cookie is an option.
- There are scenarios where you can't share cookies with your API server or the API requires you to put the access token in the Authorization header. In this case, you won't be able to use cookies to store your tokens

### About XSS Attack
Local sotrage is vulnerable because it;s easily accessible using JavaScript and an attacker can retrieve your access token and use it later. However, while `httpOnly` cookies are not accessible using JavaScript, this doesn't meant that by using cookies, you are safe from XSS attacks involving your access token.

If an attacker can run JavaScript on your application, then they can just send an HTTP request to your server and that will automatically include your cookies. It's just less convenient for the attacker because they cant read the content of the token althrough they rarely have to. It might also be more advantageous for the attacker to attack using victim's browser (by just sending that HTTP Request) rather than using the attacker's machine

### Cookies and CSRF Attack
CSRF Attack is an attack that forces a user to do an unintended request. For example, if a website is accepting an email change via
```
POST /email/change HTTP/1.1
Host: site.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Cookie: session=abcdefghijklmnopqrstu

email=myemail.example.com
```

Then an attacker can easily make a `form` in a malicious website that sends a POST request to `https://site.com/email/change` with a hidden email field and the `session` cookie will automatically be included.

However, this can be mitigated easily using `sameSite` flag in your cookie and by including an anti-CSRF token

### Conclusion
Althrough cookies still have some vulnerabilities, it's preferable compared to `localStorage` whenever possible. Why?
- Both `localStorage` and cookies are vulnerable to XSS attacks but it's harder for the attacker to do the attack when you're using httpOnly cookies
- Cookies are vulnerable to CSRF attacks but it can be migrated using `sameSite` flag and anti-CSRF tokens
- You can still make it work even if you need to use the `Authorization: Bearer` header if your JWT is larger than 4KB. This is also consistent with the recommendation from the OWASP community

- Do not store session identifiers in local storage as the data is always accessible by JavaScript. Cookies can mitigate this risk using the `httpOnly` flag

### So, how do I use cookies to persists my OAuth 2.0 tokens?
As a recap, here are the different ways you can store your tokens:
- Option 1: Store your access token in `localStorage`: prone to XSS
- Option 2: Store your access token in `httpOnly` cookie: prone to CSRF but can be mitigated, a bit better in terms of exposure to XSS
- Option 3: Store the refresh token in `httpOnly` cookie: safe from CSRF, a bit better in terms of exposure XSS. We'll go over how Option 3 works as it is the best out of the 3 options.

#### Store your access token in memory and store you refresh token in the cookie
##### Why is this safe from CSRF?
Although a form submit to `/refresh_token` will work and a new access token will be returned, the attacker can't read the response if they're using an HTML form. To prevent the attack from successfully making a `fetch` or `AJAX` request and read the response, this requires the Authorization Server's CORS policy to be set up correctly to prevent requests from unauthorized websites.

#### So how does this set up work?
##### Step 1: Return Access Token and Refresh Token when the user is authenticated
After the user is authenticated, the Authorization Server will return an `access_token` and a `refresh_token`. The `access_token` will be included in the Response body and the `refresh_token` will be included in the cookie

Refresh Token cookie setup
- Use the `httpOnly` flag to prevent javaScript fromn reading it
- Use the `secure=true` flag so it can only be sent over HTTPS
- Use the `SameSite=strict` flag whenever possible to prevent CSRF. This can only be used if the Authorization Server must set CORS headers in the back-end or use other methods to ensure that the refresh token request can only be done by authorized websites

##### Step 2: Store the access token in memory
Storing the token in-memory means that you put this access token in a variable in your front-end site. Yes, this means that the access token will be gone if the user switches tabs or refresh the site. That's why we have the refresh token

##### Step 3: Renew access token using the refresh token
When the access token is gone or has expired, hit the `/refresh_token` endpoint and the refresh token that was stored in the cookies in step 1 sill be included in the request. You'll get a new access token and can then use that for your API Requests

That means that your JWT Token can be larger than 4KB and you can put it in the Authorization header