Jwenky is an API server written with the Express framework.
Why one more API server in Express?
I started this project because of some security concerns about JWT: how do you implement a genuinely secure authentication system without relying on an external identity provider?
A simple JWT implementation with default configuration will use the symmetric HS256 signing algorithm (HMAC-SHA256). The OWASP [JSON Web Token for Java] cheat sheet and IETF [RFC8725] both warn that an HMAC-signed JWT is only as strong as the secret behind it: a short or human-chosen secret can be recovered by an offline brute-force attack.
In practice the attacker never has to talk to the server. A captured token already contains both the signing input (the base64url-encoded header and payload) and the HMAC computed over that input with the server secret. They can feed it to a brute-force cracker that computes HMAC-SHA256 of the same input under each candidate secret and stops when the result matches the signature. Because the attack runs offline there is no rate limiting, lockout or logging to slow it down, so a weak secret has a very high chance of being recovered; once it is, the attacker can mint tokens with any claims they like and the server will accept them. A random secret of 256 bits or more is not crackable this way, but nothing in a default HS256 setup forces that choice, and every service that verifies such tokens also holds what it takes to forge them.
I will not analyse here every security implication of relying on plain HS256 as the single security measure for a system. Anyone who wants to dig deeper will find plenty of references in the two documents from OWASP and the IETF mentioned above.
The implementation suggested for real security is an asymmetric signature (RS256, i.e. RSA with SHA-256) combined with fingerprinted tokens, the mechanism the OWASP cheat sheet describes for token sidejacking: a random value is sent to the browser in a hardened HttpOnly cookie and only its SHA-256 hash is stored as a claim in the token, so a stolen token cannot be replayed without the matching cookie. This is the implementation applied in this project.
The server can run as a single standalone instance acting as both Authentication and Access server. The best deployment is separate microservices: typically one Auth server, which alone holds the private signing key, and as many Access servers as needed, which only need the public key to verify tokens and therefore cannot mint them even if one is compromised.