Token Based Authentication Systems
1. Restful Authentication System with AngularJS & NodeJS

2. Hüseyin BABAL, Full Stack Developer. PHP, JAVA, NodeJS developer. Building highly scalable, realtime systems. Web Development mentor. Entrepreneur. NodeJS trainer. GDG conference speaker. @huseyinbabal, @huseyinbabal, http://huseyinbabal.net

3. Cookie-based session today (client and server both at http://app.yoursite.com):
       POST /signin
       username=.....&password=......
       HTTP 200
       Set-Cookie: session=.......

       POST /user/me
       Cookie: session=.......
       HTTP 200 {name: john, surname: doe, …..}

4. Boss: I want native mobile and desktop version of our current web application.
   Developer: We need to develop new services for specific clients.
   Boss: What about cost? You need to find another solution better.
   Developer: ???

5. My App: I need to develop a client independent system... (Android, Windows 8, iOS, Desktop App)

6. Token-based flow (client at http://app.yoursite.com, API at http://api.yoursite.com):
       POST /signin
       username=.....&password=......
       HTTP 200
       token: JWT (Bearer Token)

       POST /user/me
       Authorization: Bearer JWT (Bearer Token)
       HTTP 200 {name: john, surname: doe, …..}

7. Wait! What is Bearer Token?

8. JWT: Powerful token format used in HTTP headers in order to make some endpoint secure.
   eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8FmJDkDE_VCQFXqKxpLsts

9. JWT = header . payload . signature
       header    = b64({ typ: 'JWT', alg: 'HS256' })
       payload   = b64({ name: "John", id: "123456", role: "admin" })
       signature = HMACSHA256(b64(header) + "." + b64(payload), secret_key)
   Example token:
   eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8FmJDkDE_VCQFXqKxpLsts
10. Libraries
       Language   Library URL
       PHP        https://github.com/firebase/php-jwt
       .NET       https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
       Ruby       https://github.com/progrium/ruby-jwt
       NodeJS     https://github.com/auth0/node-jsonwebtoken
       Java       https://github.com/auth0/java-jwt
       Python     https://github.com/progrium/pyjwt/

11. Architecture Time

12. Architecture: client at http://app.yoursite.com, API at http://api.yoursite.com backed by Mongo DB; the API runs on http://t1.yoursite.com …….. http://tn.yoursite.com behind a load balancer.
       POST /signin
       username=.....&password=......
           -> Check username and password, create token if valid, add to DB
       HTTP 200
       token: JWT (Bearer Token)

       POST /user/me
       Authorization: Bearer JWT (Bearer Token)
           -> Check token from DB whenever a request comes
       HTTP 200 {name: john, surname: doe, …..}

13. Advantages
       Client independent
       CDN
       Zero coupling
       No cookie (session), no CSRF
       Persistent token store
       Available for other languages (JWT token)

14. Demo

15. Thank you!