Confusion regarding implementation of token based authentication [Node js Express js] - javascript

After all the research on authentication methods related to nodejs and express js, I am standing in no man's land.
By far the easiest session related tutorial I have come across is this.
https://codeforgeek.com/2014/09/manage-session-using-node-js-express-4/
I am using mean stack and this is what I really want to do. The user when logins will get an authentication token that will be saved on the client side and then before every page reload a call will be made to the server to check if the user is authenticated or not.
Here comes the tricky part.
I am using the server to work for Computer - that is angular based system and cellphone which is based on android - an android application.
In short that means a user may login using his computer and cellphone as well (using the application) at the same time.
How to implement this is still a mystery for me. Please direct me to some tutorials or gits which will explain this things in simplest possible means.
Please don't respond with passport js only because I have failed to find anything meaningful there, or maybe it is possible that I am looking at the wrong place.
I am new to all this that is way this problematic.
Thanks for your help.

The most reliable way to implement the token based authentication is to use oAuth2.0 which also involve use of passport JS
Here , use this example as a reference point for implementing the token based authorization
http://scottksmith.com/blog/2014/07/02/beer-locker-building-a-restful-api-with-node-oauth2-server/
This sample code have fully functional OAuth2 server done with just a little bit of work. it uses OAuth2orize library that makes building server very straightfoward.

As you have mentioned that you are using Angular and NodeJS and want to implement Token Based Authentication.
I would suggest you use Satellizer.
Also you can find NodeJS implementation over here:
NodeJS Example.

My answer is for all the beginners out there. I read something similar in facebook's node js group and I think the problem I am facing is not unique.
The passport js which is very famous just works as a middle ware and if you have to include options like google authentication, facebook authentication etc. this is very useful as most of the work is already done and your middleware work is handled by this module.
But if like me you are searching for something simple and all you want is a proper authentication system with database then this might not be necessary, this = passport js module.
You are surely depending on one more module which is complex as well, if you want to implement token based authentication. In the end if you are handling all the authentication work in the middle by yourself, why should you use a module as well which increases complexity in the end.
I even took suggestion from other node js developers who have worked on this for good amount of time and they think it is okay to head without passport js if you are ready to work with middleware yourself and you don't need fb etc. authentication.
I hope this will help others who are new to all this.

Since the question referred to my article directly. Here is the token based implementation using Node.js as the answer.
https://codeforgeek.com/2016/08/token-based-authentication-using-nodejs-rethinkdb/
Hope it helps.

Related

What are the best tools to make an online card game?

I'm looking for some event/reactive online tools to make a card game in a browser.
I think JS is most appropriate here but I'm open to all propositions.
I already tried VueJS / Node with Socket.IO but I think it's very messy and not organized enough to make a project like this. So I was wondering if you guys knew some frameworks to make the job.
The projects is to make an online card game like poker.
Thanks !
You could try pixi.js or phaser 3+.
Also I've wright one of my card-games only using html+css+javascript.
For back-end you could use whatever you want. NodeJS + websockets is good choice!
If the main matter is the realtime database connection (for which you are looking for websockets), you could create the game and store it's data to firebase firestore, this way you could get everything synced in real time with a less pain than a node server setup, (for this purpose), if you need some backend functionality you could also work with firebase functions in order to achieve some backend stuff, also you could even store your project on firebase hosting, have an authentication ready platform with firebase auth and depending on your needs you would not even pay a penny (this really depends on the usage)
Hope this could at least be an option to consider.
Check the firebase documentation: FIREBASE
Even if you wish to work with Unity instead of VueJS you can also use firebase for all this matters.

Authentication in openUI5 how i can do this?

hello guys I would like to ask for help from you, I am developing my first application using openUI5, this application is already well advanced thanks to the help of the forums here and some research I did. however, I came across a problem in which I don't know how to proceed. in my application it will be necessary to register and login, so i did a search and found q many do this part of login using JWT, then i did the same i did a backend application to make this token available to me, however i don't know how to effectively use it in my project .
I currently have an API running, in ASP.NET, on a machine at AMAZON that when running it I get the token but I don't know what to do exactly with that token if someone can pass me the way of what I will be very grateful.
anyone who can provide me with an example or something in that sense would be very useful

Is there a way to allow user accounts (sign up+register) with just javascript (angular frontend and node,express server code)?

Most of what I've found uses php, or something similar.
I have an Angular frontend, and Node/express server code. No backend yet. I'm not sure how to proceed with user sign-up.
It is very unsafe to to do sign-up and so on without a backend. A backend means a thing running on server rather than client, so what it does is invisible to the users, thus making it safe. Think about how dangerous it will be when your password-checking and so on are all on client and the user can see everything - thus change everything!
However, node.js is already a backend.
For your question, please search nodejs user system then you will find a lot of answers.
Possible answers:
User Management System in node.js
https://engineering.gosquared.com/admin-systems-in-node
...
In short, you have two main ways: The first is to use a framework or a library containing that feature, and the second is to build it yourself through a tutorial.
Hope it works!
It looks like you are one step away from a MEAN stack! And yes, as Sylwit pointed out, your node/express server code is your back-end.
I would recommend you take a look into MongoDB as a database to get you started (you will need to store user credentials/registration information somewhere).
MongoDB is a NoSQL style of a database that will allow you to do what you want, assuming you write the registration and login/logout code to link up to the DB. You don't have to use MongoDB, but since you are just getting started this might be easier because the MEAN stack (Mongo, Express, Angular, Node) is a very popular stack right now and there are plenty of resources online (and on Stack Overflow) to get you started.
Check out the following guide for example:
http://jasonwatmore.com/post/2015/12/09/mean-stack-user-registration-and-login-example-tutorial

meanJS with Java backend

Me and couple of my friends want to do a web application and eventually we want to write in 3 different OS for phone applications, I am insisting to use meanJS for the front-end but since it is a full stack framework I am not sure if we can use Java for some background features:
1) How efficient and safe it can be? Specifically; if we use meanJS with Java, we will choose to use MongoDB to save some profile information(front-end) and save some information that our Java feature needs - how safe is the connection of the back-end Java feature to MongoDB? Please explain with specifics.
2) Is Node.js a good way to make this web application? or Should we just use angularJS for front-end and Java for backgend with SQL/MongoDB and save all the information(includign profile information) in the backend part and make the communication between angularJS and Java through Tomcat server? Please explain with specifics too.
If you want to use Angular and MongoDB in your application, that is fine, but its not a MEAN stack if you're missing Node+Express.
1) Can't comment on this, never used either.
2) It's hard to say if Node is good for your application without knowing what your application is. It may be the best choice, it may be the worst. In the end, if you're not sure, go with what you're most comfortable with. The stack you explained is definitely possible, and if you feel like you can pull it off, then go for it.

How to secure Node.js connect-rest REST API with OAuth?

I tried Googling around for some examples, or well anything, but couldn't find any results. I think partially because the name of the package "connect-rest" is so generic.
Anyway, here is what i'm looking to do. I am using the Node module "connect-rest" to build a server side API. It is mostly finished at this point, and i'm now looking to secure it. Now the module itself has a system of authentication with API Keys, which is well and fine, but not very secure for Javascript clients, since anyone could just browse the source and grab the key. And trying to secure a key -- well it just doesn't work without getting super complicated.
So instead i'd rather use a standard OAuth setup. I was hoping to use Passport in combination with connect-rest and wondering if anyone has done this before or point me to some examples?
I found exactly what I needed with OAuthorize: https://github.com/jaredhanson/oauthorize which is written by the same guy as Passport.
We used the following guide for our own learning when we started a similar process: http://scotch.io/tutorials/javascript/easy-node-authentication-setup-and-local
Also take a look at MeanJS. It has a built in authentication/user system.

Categories

Resources