Tag Archives: JWT

Authenticable Observables: Build a Reactive App with JWT Auth

via Authenticable Observables: Build a Reactive App with JWT Auth.

Reactive programming is powerful and is becoming increasingly popular with libraries such as RxJS. We can make a stream out of just about anything, including API communication and authentication. Check out the repo for this tutorial to see the code.

Token-Based Authentication for AngularJS and Laravel Apps

via Token-Based Authentication for AngularJS and Laravel Apps | Scotch.

Adding authentication to an AngularJS and Laravel application is not the most straight-forward, especially if we take the approach of creating independent front-end and backend applications and connecting them with an API exposed by Laravel. Laravel comes with easy-to-use authentication out of the box, but it is session-based and is therefore most useful for traditional round-trip applications.

For single page applications that rely on an API, a better way to handle authentication is with JSON Web Tokens, or JWTs. Put simply, a JWT (pronouncedjot) is a JSON object with three distinct parts that are used together to convey information between two parties. JWTs consist of a header, a payload and a signature which are all encoded. We won’t get into full detail about the structure and inner workings of JWTs in this tutorial, but Chris covers it in The Anatomy of a JSON Web Token.

To fully understand how JWTs are used, we have to shift our thinking a bit. Traditional authentication requires that the server store the user’s authentication information which is checked every time the user makes a request. This method creates challenges when the application grows and needs to scale up, especially if it is distributed across several different servers. It also becomes problematic when we want to use our API for other purposes, such as for mobile applications. To get a better understanding of the limitations of server-based authentication and how JWTs can help, read The Ins and Outs of Token Based Authentication.

Creating your first Aurelia app: From authentication to calling an API

via Creating your first Aurelia app: From authentication to calling an API.

Aurelia is a great client-side JavaScript framework and adding JWT authentication to Aurelia apps is easy with the aurelia-auth package. Check out the GitHub repo for this article to find out how to add authentication to your Aurelia app.

Aurelia is a client-side JavaScript framework that has been gaining a lot of popularity lately. One of the nice aspects of Aurelia is that it anticipates common application needs and provides simple conventions for accomplishing them. In some ways, Aurelia is similar to Angular 2, so parts of it may look familiar if you’ve checked out Angular 2 already.

Create and Verify JWTs With Node.js

via Create and Verify JWTs with Node.js – Stormpath User Management API.

JWT, access token, token, OAuth token.. what does it all mean??

Properly known as “JSON Web Tokens”, JWTs are a fairly new player in the authentication space. Being the cool new thing, everyone is hip to start using them. But are you doing it securely? In this article we’ll discuss best practices for JWTs, while showing you how to use the nJwt library for creating and verifying JWTs in your Node.js application.

Build an Instagram clone with AngularJS, Satellizer, NodeJS and MongoDB

via Build an Instagram clone with AngularJS, Satellizer, Node.js and MongoDB | HackHands.

Table of Contents

Demo & Source Code
Getting Started
Bootstrapping UI
Home Page
Login Page
Signup Page
Express Skeleton
Database and User Model
Authentication Middleware and JWT
Login and Signup Express Routes
Instagram Authentication Express Route
Instagram API Endpoints
Back to the client-Side
Detail Page
Navbar Enhancements

1. Introduction

Satellizer is a token-based authentication module for AngularJS that comes with built-in support for Facebook, Google, LinkedIn, Twitter, GitHub, Yahoo and Windows Live OAuth providers, as well as a more traditional email and password sign-in flow.

Where to Store Your JWTs – Cookies vs HTML5 Web Storage

via Where to Store your JWTs – Cookies vs HTML5 Web Storage – Stormpath User Management API.

Stormpath has recently worked on token authentication features using JSON Web Tokens (JWT), and we have had many conversations about the security of these tokens and where to store them.

If you are curious about your options, this post is for you. We will cover the basics of JSON Web Tokens (JWT), cookies, HTML5 web storage (localStorage/sessionStorage), and basic information about cross-site scripting (XSS) and cross site request forgery (CSRF).

Let’s get started…


via How to Write a REST API – Jixee.

[Editor’s Note: We’re starting a new series on this blog, called Jixee Hotfix. It will feature real problems that our engineering team encounter on a weekly basis and the solutions they come up with to fix it. Posts are written by the engineers encountering the problems. This post was written by our VP of Ops, Eric Norton.]

This article is the first in a series that will show you how to write a REST API written in NodeJS and Express, that uses MongoDB to store data, and JSON Web Tokens(JWT)  to provide a simple authentication mechanism.  For those who came here wanting to learn about JSON Web Tokens (JWT) authentication, that is covered in part 2 here.  This installment of the series will only cover details on how to create a REST API using MongoDB as a persistent data store.

You might be asking yourself, ‘why another REST API tutorial?’ With a substantial amount of great articles out there on the subject, it’s a fair question.  Let me give a little background on this project to explain.  A task fell in my lap a short time ago that required a simple REST API to import and export data stored by one of our services.   In my search for a simple solution, I found many great blog articles that covered some of the concepts I was interested in, but not all.  For instance, some discussed building APIs that stored and retrieved data, and some discussed simple JWT auth, but did not cover how you would incorporate a persistent data store.   I decided that I’d like to write an article that combines all of the concepts I was looking for into one concise resource.  While I will cover a lot of the concepts I learned in the aforementioned articles, I encourage you to take a look at what inspired this post, as they are great resources on the subject matter:

Creating A Simple Restful Web App with NodeJS, Express, and MongoDB
REST follow-up exercise, implementing a PUT into a simple web app
Architecting a Secure RESTful Node.js app
Express.js 4, Node.js and MongoDB REST API Tutorial
Build a RESTful API in 5 Minutes with NodeJS – Updated