Reactive programming is powerful and is becoming increasingly popular with libraries such as RxJS. We can make a stream out of just about anything, including API communication and authentication. Check out the repo for this tutorial to see the code.
Tag Archives: JWT
Adding authentication to an AngularJS and Laravel application is not the most straightforward, especially if we take the approach of creating independent front-end and backend applications and connecting them with an API exposed by Laravel. Laravel comes with easy-to-use authentication out of the box, but it is session-based and is therefore most useful for traditional round-trip applications.
For single page applications that rely on an API, a better way to handle authentication is with JSON Web Tokens, or JWTs. Put simply, a JWT (pronounced jot) is a JSON object with three distinct parts that are used together to convey information between two parties. JWTs consist of a header, a payload and a signature which are all encoded. We won’t get into full detail about the structure and inner workings of JWTs in this tutorial, but Chris covers it in The Anatomy of a JSON Web Token.
To fully understand how JWTs are used, we have to shift our thinking a bit. Traditional authentication requires that the server store the user’s authentication information which is checked every time the user makes a request. This method creates challenges when the application grows and needs to scale up, especially if it is distributed across several different servers. It also becomes problematic when we want to use our API for other purposes, such as for mobile applications. To get a better understanding of the limitations of server-based authentication and how JWTs can help, read The Ins and Outs of Token Based Authentication.
JWT, access token, token, OAuth token... what does it all mean??
Properly known as “JSON Web Tokens”, JWTs are a fairly new player in the authentication space. Being the cool new thing, everyone is hip to start using them. But are you doing it securely? In this article we’ll discuss best practices for JWTs, while showing you how to use the nJwt library for creating and verifying JWTs in your Node.js application.
Table of Contents
Demo & Source Code
Database and User Model
Authentication Middleware and JWT
Login and Signup Express Routes
Instagram Authentication Express Route
Instagram API Endpoints
Back to the Client-Side
Satellizer is a token-based authentication module for AngularJS that comes with built-in support for Facebook, Google, LinkedIn, Twitter, GitHub, Yahoo and Windows Live OAuth providers, as well as a more traditional email and password sign-in flow.
Stormpath has recently worked on token authentication features using JSON Web Tokens (JWT), and we have had many conversations about the security of these tokens and where to store them.
If you are curious about your options, this post is for you. We will cover the basics of JSON Web Tokens (JWT), cookies, HTML5 web storage (localStorage/sessionStorage), and basic information about cross-site scripting (XSS) and cross-site request forgery (CSRF).
Let’s get started…
[Editor’s Note: We’re starting a new series on this blog, called Jixee Hotfix. It will feature real problems that our engineering team encounter on a weekly basis and the solutions they come up with to fix them. Posts are written by the engineers encountering the problems. This post was written by our VP of Ops, Eric Norton.]
This article is the first in a series that will show you how to write a REST API in NodeJS and Express that uses MongoDB to store data and JSON Web Tokens (JWT) to provide a simple authentication mechanism. For those who came here wanting to learn about JSON Web Tokens (JWT) authentication, that is covered in part 2 here. This installment of the series will only cover details on how to create a REST API using MongoDB as a persistent data store.
You might be asking yourself, ‘why another REST API tutorial?’ With a substantial amount of great articles out there on the subject, it’s a fair question. Let me give a little background on this project to explain. A task fell in my lap a short time ago that required a simple REST API to import and export data stored by one of our services. In my search for a simple solution, I found many great blog articles that covered some of the concepts I was interested in, but not all. For instance, some discussed building APIs that stored and retrieved data, and some discussed simple JWT auth, but did not cover how you would incorporate a persistent data store. I decided that I’d like to write an article that combines all of the concepts I was looking for into one concise resource. While I will cover a lot of the concepts I learned in the aforementioned articles, I encourage you to take a look at what inspired this post, as they are great resources on the subject matter:
Creating A Simple Restful Web App with NodeJS, Express, and MongoDB
REST follow-up exercise, implementing a PUT into a simple web app
Architecting a Secure RESTful Node.js app
Express.js 4, Node.js and MongoDB REST API Tutorial
Build a RESTful API in 5 Minutes with NodeJS – Updated