00:07 Install Software
00:42 Demo of end solution
01:07 Hasura article
08:14 Starting to code
48:56 REST Client extension
01:36:00 Client code
Learn how to create a user authentication system from scratch using JSON Web Tokens.
Learn how to apply JWT Authentication to your Node JS and Express REST API routes in the most secure way possible to avoid XSS and CSRF attacks. This beginners tutorial will help you apply JSON Web Tokens to your REST API built with Node.js and Express.
🔗 Starter Source Code: https://github.com/gitdagray/user_auth
🔗 Completed Source Code: https://github.com/gitdagray/express_jwt
JWT Authentication | Node JS and Express tutorials for Beginners
(00:21) JWT Authentication
(03:23) Set up
(03:36) Installing new dependencies
(04:29) Creating environment variables
(07:21) Creating JWT tokens at authorization
(18:14) Creating JWT verification middleware
(21:47) Applying JWT token verification to specific routes
(24:53) Applying JWT token verification to many routes
(28:18) Adding cookie-parser middleware
(29:46) Creating a refresh token controller
(36:03) Creating the refresh route
(36:46) Adding the refresh route to the server
(37:37) Testing the refresh route
(40:03) Creating a logout controller
(48:36) Creating the logout route
(49:26) Adding the logout route to the server
(49:43) A Quick Debug
(50:13) Testing the logout route
(52:43) Frontend: fetch needs the credentials option
(53:29) Backend: CORS needs Access-Control-Allow-Credentials
(56:18) Chrome requires specific cookie options
📚 JWT References:
Intro to JSON Web Tokens: https://jwt.io/introduction
All You Need to Know About Storing JWT in the Frontend: https://dev.to/cotter/localstorage-vs-cookies-all-you-need-to-know-about-storing-jwt-tokens-securely-in-the-front-end-15id
NPM jsonwebtoken package: https://www.npmjs.com/package/jsonwebtoken
NPM cookie-parser package: https://www.npmjs.com/package/cookie-parser
Deleting Cookies: http://expressjs.com/en/api.html#res.clearCookie
Cross-Site Scripting (XSS): https://owasp.org/www-community/attacks/xss/
Cross-Site Request Forgery (CSRF): https://owasp.org/www-community/attacks/csrf
REST Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
📚 Login References:
How to Safely Store a Password: https://codahale.com/how-to-safely-store-a-password/
MDN: HTTP Response Status Codes: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
📚 More References:
Node.js Official site: https://nodejs.org
NPM Official site: https://www.npmjs.com/
Express JS Official site: https://expressjs.com/
MDN CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
NPM CORS: https://www.npmjs.com/package/cors
#jwt #authentication #node #express
Today we are going to explore the basic usage of Express-FileUpload. In addition to this, I will show you how you can save/update a user record with a profile image that you can upload.
1:16 NPM Project Setup
3:54 Creating Express Server
5:51 Setting up Layouts & Routes
9:46 Express Upload Form
21:50 User Card
#node.js #express #express-fileupload #express-handlebars #mysql #upload and store images
What is 2FA
Two-Factor Authentication (or 2FA as it often referred to) is an extra layer of security that is used to provide users an additional level of protection when securing access to an account.
Employing a 2FA mechanism is a vast improvement in security over the Singe-Factor Authentication method of simply employing a username and password. Using this method, accounts that have 2FA enabled, require the user to enter a one-time passcode that is generated by an external application. The 2FA passcode (usually a six-digit number) is required to be input into the passcode field before access is granted. The 2FA input is usually required directly after the username and password are entered by the client.
#tutorials #2fa #access #account security #authentication #authentication method #authentication token #cli #command line #cpanel #feature manager #google authenticator #one time password #otp #otp authentication #passcode #password #passwords #qr code #security #security code #security policy #security practices #single factor authentication #time-based one-time password #totp #two factor authentication #whm
Tutorial: React Node Jwt Authentication (without Redux) – using LocalStorage and Axios (plus interceptor) in React application and Express + Sequelize + MySQL/PostgreSQL in Nodejs backend solution.
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. And “How to build Reactjs Nodejs Jwt Token Based Authentication Example?” is one of the most common questions for SpringBoot Java development world. So in the tutorial, I introduce how to implement an application “Reactjs JWT SpringBoot token Authentication Example” with details step by step and 100% running sourcecode.
– I give you an Epic of the application, a fullstack excutive flow from frontend (Reactjs) to backend (Nodejs/Express) to database (MySQL/PostgreSQL) with overall architecture diagram.
– I give you a layer diagram of Reactjs Jwt Application with LocalStorage and Axios (plus Interceptor)
– I guide you detail-steps how to implement a security Jwt Token Nodejs backend.
– I guide you step by step how to develop a Reactjs Jwt Authentication application.
– Finally, I do an integrative testing from Reactjs Jwt Authentication application to jwt Nodejs Security RestAPIs.
For the Reactjs JWT Authentication tutorial, we have 2 projects:
– Backend project Nodejs/Express provides secured RestAPIs with JWT token.
– Reactjs project will request RestAPIs from Nodejs with the Jwt Token Authentication implementation.
The diagram below show how our system handles User Registration and User Login processes:
User Registration Phase:
– User uses a React.js register form to post user’s info (name, username, email, role, password) to Backend API /api/auth/signup.
– Backend will check the existing users in database and save user’s signup info to database. Finally, It will return a message (successfully or fail) to
User Login Phase:
– User posts user/password to signin to Backend RestAPI /api/auth/signin.
– Backend will check the username/password, if it is right, Backend will create and JWT string with secret then return it to Reactjs client.
After signin, user can request secured resources from backend server by adding the JWT token in Authorization Header. For each request, backend will check the JWT signature and then returns back the resources based on user’s registered authorities.
Reactjs JWT Authentication would be built with 5 main kind blocks:
Reactjs Router is a standard library for routing in React. It enables the navigation among views of various components in a React Application, allows changing the browser URL, and keeps the UI in sync with the URL.
Reactjs Components let you split the UI into independent, reusable pieces, and think about each piece in isolation.
Reactjs Service is a bridge between Reactjs Component and Backend Server, it is used to do technical logic with Backend Server (using Ajax Engine to fetch data from Backend, or using Local Storage to save user login data) and returned a response data to React.js Components
Local Storage allow to save key/value pairs in a web browser. It is a place to save the login user’s info.
Axios – (an Ajax Engine) is a promise-based HTTP client for the browser and Node. js. Axios makes it easy to send asynchronous HTTP requests to REST endpoints and perform CRUD operations.
HTTP request that matches route will be accepted by CORS Middleware before coming to Security layer.
Security layer includes:
– JWT Authentication Middleware: verify SignUp, verify token
– Authorization Middleware: check User’s roles
Main Business Logic Processing interacts with database via Sequelize and send HTTP response (token, user information, data based on roles…) to client.
We create a Reactjs JWT Authentication project as below:
It includes 8 components and 2 services and a router in app.js file.
– Home page:
– User Register page:
– Login Page:
– Profile Page:
– Use Page:
– Project Manager Page:
– Reactjs Admin page:
#reactjs #nodejs #jwt #authentication #jwt-authentication