Token Based Authentication Systems with AngularJS & NodeJS

DEMO: https://github.com/cubuzoa/token-based-authentication-system-wtih-andgularjs-nodejs

Published in: Software

  1. 1. Restful Authentication System with AngularJS & NodeJS
  2. 2. Hüseyin BABAL: Full Stack Developer. PHP, JAVA, NodeJS developer. Building highly scalable, realtime systems. Web Development mentor. Entrepreneur. NodeJS trainer. GDG conference speaker. @huseyinbabal @huseyinbabal http://huseyinbabal.net
  3. 3. POST /signin username=.....&password=...... HTTP 200 Set-Cookie: session=....... POST /user/me Cookie: session=....... HTTP 200 {name: john, surname: doe, …..} http://app.yoursite.com http://app.yoursite.com
  4. 4. Boss: I want native mobile and desktop versions of our current web application. Developer: We need to develop new services for specific clients. Boss: What about cost? You need to find a better solution. Developer: ???
  5. 5. My App: I need to develop a client-independent system... (Android, Windows 8, iOS, Desktop App)
  6. 6. POST /signin username=.....&password=...... HTTP 200 token: JWT (Bearer Token) POST /user/me Authorization: Bearer JWT (Bearer Token) HTTP 200 {name: john, surname: doe, …..} http://app.yoursite.com http://api.yoursite.com
  7. 7. Wait! What is Bearer Token?
  8. 8. JWT: Powerful token format used in HTTP headers to secure endpoints. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8FmJDkDE_VCQFXqKxpLsts
  9. 9. JWT = header.payload.signature. header: b64({ typ: 'JWT', alg: 'HS256' }); payload: b64({ name: "John", id: "123456", role: "admin" }); signature: HMACSHA256(b64(header) + "." + b64(payload), secret_key). eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8FmJDkDE_VCQFXqKxpLsts
  10. 10. Libraries (Language: Library URL). PHP: https://github.com/firebase/php-jwt; .NET: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet; Ruby: https://github.com/progrium/ruby-jwt; NodeJS: https://github.com/auth0/node-jsonwebtoken; Java: https://github.com/auth0/java-jwt; Python: https://github.com/progrium/pyjwt/
  11. 11. Architecture Time
  12. 12. MongoDB http://api.yoursite.com POST /signin username=.....&password=...... HTTP 200 token: JWT (Bearer Token) POST /user/me Authorization: Bearer JWT (Bearer Token) HTTP 200 {name: john, surname: doe, …..} http://app.yoursite.com Check username and password; create a token if they are valid and add it to the DB. Check the token against the DB whenever a request comes in. http://t1.yoursite.com …….. http://tn.yoursite.com (Load balancer)
  13. 13. Advantages: Client independent; CDN; Zero coupling; No cookie (session), no CSRF; Persistent token store; Available for other languages (JWT token)
  14. 14. Demo
  15. 15. Thank you!
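
The construction on slide 9 and the token check on slide 12, as an added example (not code from the slides or the linked demo): HS256 signing and verification with Node's built-in crypto module. It uses unpadded base64url where the slide writes b64, pins the algorithm, and compares MACs in constant time; the function names, the `exp` policy and the sample secret are assumptions.

```javascript
const crypto = require('crypto');

// JWTs use unpadded base64url, not plain base64.
const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (input, secret) =>
  b64url(crypto.createHmac('sha256', secret).update(input).digest());

// b64url(header) + "." + b64url(payload) + "." + HMACSHA256(..., secret)
function signJwt(payload, secret) {
  const header = { typ: 'JWT', alg: 'HS256' };
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  return input + '.' + mac(input, secret);
}

// Returns the payload object, or null when the token must be rejected.
function verifyJwt(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch (err) {
    return null; // header or payload is not valid JSON
  }
  // Pin the algorithm on the server; never let the token header choose it.
  if (!header || header.alg !== 'HS256') return null;
  const expected = Buffer.from(mac(h + '.' + p, secret));
  const given = Buffer.from(sig);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (payload === null || typeof payload !== 'object') return null;
  // Assumed policy: an exp claim (seconds since epoch) bounds token lifetime.
  if (typeof payload.exp === 'number' && payload.exp <= nowSeconds) return null;
  return payload;
}

// Constructed sample values, for illustration only.
const demoToken = signJwt({ name: 'John', id: '123456', role: 'admin', exp: 2000 }, 'demo_secret_key');
console.log(verifyJwt(demoToken, 'demo_secret_key', 1000));
```

The payload is only encoded, not encrypted, so anything placed in it is readable by whoever holds the token.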