Jwenky: An Express API Server with User Authentication

Jwenky is an API server written with the Express framework.

Why one more API server in Express?

The motivation for this project is a set of security considerations around JWT: how do you implement a genuinely secure authentication system without relying on an external identity provider?

A simple JWT implementation left at its default configuration will typically sign tokens with HS256, a symmetric HMAC-SHA256 algorithm in which the same secret is used both to sign and to verify. OWASP [JSON Web Token for Java] and IETF [RFC8725] both warn that HMAC-signed tokens are exposed to offline brute-force attacks on the secret; RFC 8725 in particular forbids using a human-memorizable password directly as an HS256 key and requires the key to have sufficient entropy.

In practice, anyone who holds a token also holds everything needed to test guesses at the secret. The signature is HMAC-SHA256 over the header and payload under the server's secret, so an attacker can recompute that HMAC with candidate secrets and compare the result against the signature, entirely offline, using tools such as hashcat or John the Ripper. Because the attack is offline there is no rate limiting, lockout or logging to slow it down: every guess costs one HMAC computation. A short, low-entropy or dictionary secret (a common outcome of copy-pasted tutorial code) is therefore recovered quickly, and once the secret is known the attacker can forge tokens with arbitrary claims. A randomly generated 256-bit secret is not practically brute-forceable, but the symmetric design still means that every server able to verify tokens is also able to mint them.

Single guard

This README does not analyse every security implication of relying on a plain HS256 signature as the single guard for a system. Readers who want to go deeper will find plenty of references in the two documents cited above from OWASP and the IETF.

The recommended approach for real security is an RSA-based asymmetric signature (for example RS256, where the private key signs and the public key verifies) combined with fingerprinted tokens. Fingerprinting is the OWASP cheat sheet's countermeasure to token sidejacking: the token carries only the SHA-256 hash of a random fingerprint, while the fingerprint itself travels in a separate hardened cookie (HttpOnly, Secure, SameSite), so a token stolen on its own cannot be replayed. This is the implementation used in this project.

The server can run as a single standalone instance acting as both Authentication and Access server. The preferred deployment is as separate microservices: typically one Auth server and as many Access servers as needed. Asymmetric signing is what makes that split clean: only the Auth server needs the private key to issue tokens, while Access servers verify with the public key alone and cannot mint tokens.

nodejs express jwt mysql react authentication api cyber-security
