This week I will be giving a talk at NY JavaScript on how to build authenticated systems which have multiple services and multiple clients.
In this talk we will look at a sample auth service which lets users login via numerous OAuth2 providers (Google, Facebook, Twitter etc) or using username and password.
The auth service uses a bower component to present a static HTML 5 UI, instead of using server side templating.
The auth service also shows how to use JWT instead of sessions to identify and enforce the user's permissions for the requested resource.
The auth service shows how you can persist users using sequelize (which lets you learn with sqlite and use postgres later).
The auth ui uses a simple form submit to hit the auth service (it also shows an example of an Ajax request using fetch).
There is a sample client which is an HTML5 bower component in vanilla JavaScript. The client uses JWT to detect if you are logged in and have permissions to view resources.
There is a library that contains the the system's public key and JWT options which can be used both client and server side to verify tokens.
Github codebase:
No comments:
Post a Comment