Module-V (Authentication & Session Management)

The document discusses authentication, session management, and API security within the MEAN stack framework. It highlights challenges such as statelessness and the importance of one-way password encryption using hashes and salts. Additionally, it outlines the process of creating an authentication API with Passport, including user validation and JWT generation.

Uploaded by

vvce22cse0028
MODULE-5

AUTHENTICATION

SESSION MANAGEMENT

API SECURITY

Traditional Authentication Process
Authentication in the MEAN stack poses two problems:

• The API is stateless, as Express and Node have no concept of user sessions.
• The application logic is already delivered to the browser, so you can't limit the code.
Managing Sessions in MEAN
Login Flow in a MEAN Application
Cookie vs Token (JWT)
Changing the View in a SPA (based on data inside the JWT)
Securely Calling an API
MongoDB Schema for User Credentials
Why One-Way Password Encryption: Hashes and Salts?

• One-way encryption prevents anyone from decrypting the password, while still making it easy to validate a correct password.
• Encrypting isn't enough, though. If several people used the word "password" as their password (it happens!), the encryption for each is the same.
• Any hackers looking through the database could see this pattern and identify potentially weak passwords.
• A random salt generated per user and mixed in before hashing makes the stored values differ even when two users chose the same password, so the pattern disappears.
One-Way Password Encryption: Hashes & Salt
User Schema and Methods
Validating the Submitted Password
JSON Web Token (JWT) Generator
Parts of a JSON Web Token (JWT)
Generating JWT
Creating an Authentication API with Passport

• Strategies: Facebook, Twitter, OAuth, local username and password

  $ npm install --save passport passport-local

  const passport = require('passport');
  const LocalStrategy = require('passport-local').Strategy;

  passport.use(new LocalStrategy({
      usernameField: 'email'   // the login form sends an email, not a username
    },
    (username, password, done) => {
      // Verify callback. User is the Mongoose model from the credentials schema and
      // validPassword the instance method that rehashes with the stored salt (names
      // assumed from the schema slides). done(null, user) on success, done(null, false,
      // info) on a bad login, done(err) on a database error.
      User.findOne({ email: username })
        .then((user) => {
          if (!user || !user.validPassword(password)) {
            return done(null, false, { message: 'Incorrect email or password.' });
          }
          return done(null, user);
        })
        .catch(done);
    }
  ));
Creating an Authentication API with Passport

Steps inside the function:
• Find a user with the email address supplied.
• Check whether the password is valid.
• Return the user object if the user is found and the password is valid.
• Otherwise, return a message stating what's wrong.

Then register Passport as Express middleware so it can process incoming requests:

  app.use(passport.initialize());
CREATING THE REGISTER CONTROLLER

The register controller needs to do the following:
1 Validate that the required fields have been sent.
2 Create a new model instance of User.
3 Set the name and email address of the user.
4 Use the setPassword method to create and add the salt and the hash.
5 Save the user.
6 Return a JWT when saved.
