In order to authenticate users, web applications often store user passwords. This can be tricky, because password storage mechanisms are a watering hole for bad advice: there are several solutions to this problem, but very few are truly secure. If you store the passwords of your users, your goal should be to make sure that user passwords remain safe in the event of a data compromise. The best way to store users' passwords is to use a password-based key derivation function (PBKDF) with a sufficient work factor. If your application does not leverage a PBKDF, you should migrate password storage schemes immediately. More on this later.
The Service Oriented Architecture (SOA) introduced a design paradigm, which talks about a highly decoupled service deployment where the services talk to each other over the network with a…
Read on to learn the basics of OAuth 2.0, key terms, registering clients and getting client credentials, etc., as well as to learn how to get access tokens.
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user acc
We will be building user authentication in a single-page application with Node, React, Redux and Koa combined with Passport. We will implement local authentication, where users can log in using an email and password, and authentication with Facebook, which can be used with other social networks and OAuth providers.