Token Based Authentication Systems with AngularJS & NodeJS

Post on 02-Jul-2015

DESCRIPTION

Token Based Authentication Systems with AngularJS & NodeJS DEMO: https://github.com/cubuzoa/token-based-authentication-system-wtih-andgularjs-nodejs

TRANSCRIPT

1. Restful Authentication System with AngularJS & NodeJS

2. Hüseyin BABAL
   Full Stack Developer
   PHP, JAVA, NodeJS developer.
   Building highly scalable, realtime systems.
   Web Development mentor.
   Entrepreneur.
   NodeJS trainer.
   GDG conference speaker
   @huseyinbabal
   http://huseyinbabal.net

3. POST /signin
   username=.....&password=......
   HTTP 200
   Set-Cookie: session=.......
   POST /user/me
   Cookie: session=.......
   HTTP 200
   {name: john, surname: doe, ..}
   http://app.yoursite.com    http://app.yoursite.com

4. Boss: I want native mobile and desktop versions of our current web application.
   Developer: We need to develop new services for specific clients.
   Boss: What about cost? You need to find another, better solution.
   Developer: ???

5. My App
   I need to develop a client-independent system...
   Android
   Windows 8
   iOS
   Desktop App

6. POST /signin
   username=.....&password=......
   HTTP 200
   token: JWT (Bearer Token)
   POST /user/me
   Authorization: Bearer JWT (Bearer Token)
   HTTP 200
   {name: john, surname: doe, ..}
   http://app.yoursite.com    http://api.yoursite.com

7. Wait! What is Bearer Token?

8. JWT
   Powerful token format used in HTTP headers in order to make some endpoint secure.
   eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8FmJDkDE_VCQFXqKxpLsts

9. JWT
   header . payload . signature
   header:    b64({typ: JWT, alg: HS256})
   payload:   b64({name: John, id: 123456, role: admin})
   signature: HMACSHA256(b64(header) + "." + b64(payload), secret_key)
   eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8FmJDkDE_VCQFXqKxpLsts

10. Libraries
    Language   Library URL
    PHP        https://github.com/firebase/php-jwt
    .NET       https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
    Ruby       https://github.com/progrium/ruby-jwt
    NodeJS     https://github.com/auth0/node-jsonwebtoken
    Java       https://github.com/auth0/java-jwt
    Python     https://github.com/progrium/pyjwt/

11. Architecture Time

12. MongoDB
    http://api.yoursite.com
    POST /signin
    username=.....&password=......
    HTTP 200
    token: JWT (Bearer Token)
    POST /user/me
    Authorization: Bearer JWT (Bearer Token)
    HTTP 200
    {name: john, surname: doe, ..}
    http://app.yoursite.com
    Check username and password, create token if valid, add to DB
    Check token from DB whenever a request comes
    http://t1.yoursite.com .. http://tn.yoursite.com (Loadbalancer)

13. Advantages
    Client independent
    CDN
    Zero Coupling
    No cookie (session), no CSRF
    Persistent token store
    Available for other languages (JWT token)

14. Demo

15. Thank you!
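
The header/payload/signature construction from slide 9 and the "Authorization: Bearer" check from slides 6 and 12, as an added example that is not part of the original slides or the linked demo. It uses only Node's built-in crypto module; the function names, secret and claims are constructed for illustration, and the exp check goes beyond what the slides show.

```javascript
const nodeCrypto = require('node:crypto');

// "b64" on the slide: base64url without padding.
const b64url = (data) => Buffer.from(data).toString('base64url');

// HMACSHA256(b64(header) + "." + b64(payload), secret_key)
function hmac(signingInput, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(signingInput).digest();
}

function signJwt(payload, secret) {
  const header = { typ: 'JWT', alg: 'HS256' };
  const signingInput = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  return signingInput + '.' + b64url(hmac(signingInput, secret));
}

// Returns the payload object for a valid token, otherwise null.
function verifyJwt(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch (err) { return null; }
  if (!header || !payload || typeof payload !== 'object') return null;
  // Pin the algorithm server-side; a header saying "none" or anything else is rejected.
  if (header.alg !== 'HS256') return null;
  const expected = hmac(h + '.' + p, secret);
  const given = Buffer.from(s, 'base64url');
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  // Expiry check (an assumption of this example; the slides do not show claims like exp).
  if (typeof payload.exp === 'number' && nowSeconds >= payload.exp) return null;
  return payload;
}

// Extracts the token from an "Authorization: Bearer <JWT>" header value.
function bearerToken(headerValue) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(headerValue || '');
  return m ? m[1] : null;
}

// Constructed sample values, not taken from the slides or the demo repository.
const SECRET = 'constructed-demo-secret';
const token = signJwt({ name: 'John', id: 123456, role: 'admin', exp: 2000000000 }, SECRET);
console.log(verifyJwt(token, SECRET, 1700000000));
```

The payload segment is only encoded, not encrypted, so anything placed in it is readable by whoever holds the token.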