Restful Authentication System with AngularJS & NodeJS
Hüseyin BABAL 
Full Stack Developer 
PHP, JAVA, NodeJS developer. 
Building highly scalable, realtime systems. 
Web Development mentor. 
Entrepreneur. 
NodeJS trainer. 
GDG conference speaker 
@huseyinbabal
http://huseyinbabal.net
POST /signin 
username=.....&password=...... 
HTTP 200 
Set-Cookie: session=....... 
POST /user/me 
Cookie: session=....... 
HTTP 200 
{name: john, surname: doe, …..} 
http://app.yoursite.com http://app.yoursite.com
Boss: I want native mobile and desktop versions of our current web application.
Developer: We need to develop new services for specific clients.
Boss: What about cost? You need to find a better solution.
Developer: ???
My App: I need to develop client independent system...
Clients: Android, Windows 8, iOS, Desktop App
POST /signin 
username=.....&password=...... 
HTTP 200 
token: JWT (Bearer Token) 
POST /user/me 
Authorization: Bearer JWT (Bearer Token)
HTTP 200
{name: john, surname: doe, …..} 
http://app.yoursite.com http://api.yoursite.com
Wait! What is Bearer Token?
JWT
Powerful token format used in HTTP headers to secure endpoints.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8FmJDkDE_VCQFXqKxpLsts
JWT
header.payload.signature
header:    b64({ typ: 'JWT', alg: 'HS256' })
payload:   b64({ name: "John", id: "123456", role: "admin" })
signature: HMACSHA256(b64(header) + "." + b64(payload), secret_key)
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8FmJDkDE_VCQFXqKxpLsts
Libraries
Language   Library URL
PHP        https://github.com/firebase/php-jwt
.NET       https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
Ruby       https://github.com/progrium/ruby-jwt
NodeJS     https://github.com/auth0/node-jsonwebtoken
Java       https://github.com/auth0/java-jwt
Python     https://github.com/progrium/pyjwt/
Architecture Time
http://app.yoursite.com
http://api.yoursite.com
http://t1.yoursite.com …….. http://tn.yoursite.com
(Load balancer)
MongoDB

POST /signin
username=.....&password=......
    Check Username and Password, create token if valid, add to DB
HTTP 200
token: JWT (Bearer Token)

POST /user/me
Authorization: Bearer JWT (Bearer Token)
    Check token from DB whenever a request comes
HTTP 200
{name: john, surname: doe, …..}
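
The header.payload.signature layout from the JWT slide and the sign-in / per-request token check from the architecture slide, as an added example (not code from the slides or the demo). It uses only Node's built-in crypto module; SECRET_KEY, the in-memory tokenStore standing in for MongoDB, and all function names are assumptions made for illustration.

```javascript
// Added example: HS256 JWT issue/verify plus a server-side token store check.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumption: constructed demo key. A real key is long, random and kept in config.
const SECRET_KEY = 'constructed-demo-secret';

// Assumption: an in-memory Set stands in for the MongoDB token collection.
const tokenStore = new Set();

// b64(...) as written on the slide, using the URL-safe alphabet JWT requires.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

const hmac = (signingInput, key) =>
  createHmac('sha256', key).update(signingInput).digest();

// header.payload.signature
function signToken(payload, key = SECRET_KEY) {
  const signingInput = b64({ typ: 'JWT', alg: 'HS256' }) + '.' + b64(payload);
  return signingInput + '.' + hmac(signingInput, key).toString('base64url');
}

// POST /signin, after the username/password check has succeeded:
// create the token and add it to the store.
function issueToken(user) {
  const token = signToken({ name: user.name, id: user.id, role: user.role });
  tokenStore.add(token);
  return token;
}

// Hypothetical helper: drop a token from the store (for example on sign-out).
function removeToken(token) {
  return tokenStore.delete(token);
}

function verifyToken(token, key = SECRET_KEY) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;

  let header;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm server-side; the token must not choose how it is verified.
  if (!header || header.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };

  // Recompute the HMAC over the received header and payload, compare in constant time.
  const expected = hmac(h + '.' + p, key);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }

  // "Check token from DB whenever a request comes": a valid signature is not enough.
  if (!tokenStore.has(token)) return { ok: false, reason: 'not-in-store' };

  // The payload is parsed and trusted only after both checks have passed.
  try {
    return { ok: true, payload: JSON.parse(Buffer.from(p, 'base64url').toString('utf8')) };
  } catch {
    return { ok: false, reason: 'malformed' };
  }
}

// POST /user/me with "Authorization: Bearer <JWT>"
function authenticate(authorizationHeader) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(authorizationHeader || '');
  return m ? verifyToken(m[1]) : { ok: false, reason: 'malformed' };
}
```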
Advantages 
Client independent 
CDN 
Zero Coupling 
No cookie (session), no CSRF
Persistent token store 
Available for other languages (JWT token)
Demo
Thank you!