Next Steps

Congratulations on creating an authentication system in node.js 0:00 using Express and Mongo DB. 0:04 Now I've covered a lot of concepts and we've written a lot of code. 0:07 There's even more to explore in the realm of authentication. 0:10 Too much to cover in a single course. 0:14 However in this video, I'll highlight some different options you could use to add 0:16 authentication to your apps. 0:19 There are a collection of links in the teacher's notes for 0:21 you to reference after this video. 0:24 First, I want to make note of how we can improve the security of our application. 0:27 When a user is logging in, you don't want their username and 0:31 password transferred freely from their browser to your server. 0:35 Someone along the way can intercept the traffic and get those credentials. 0:39 The same is true when a user signs up, disclosing personal or 0:43 financial information. 0:46 On any site that uses authentication, you should serve your site via HTTPS. 0:48 The S on the end stands for secure because it uses TLS, or transport layer security. 0:54 This means that the data being transferred is encrypted. 1:02 Which prevents our users' information, from being intercepted and deciphered. 1:05 In fact, these days many sites use HTTPS for all requests and 1:10 responses, not just for form data. 1:15 To use HTTPS you'll need to acquire a certificate signed by a trusted source to 1:18 verify the security of the website. 1:23 You can get a certificate for free from Let's Encrypt. 1:26 Check the teacher's notes for a link to their website. 1:29 It requires some set up on your server to use your free certificate. 1:32 They explain how on their website. 1:35 In addition, there are other ways to add authentication to an expressed site. 1:38 The cookies and sessions method we created is just one way, but 1:42 there are many others. 1:46 For example, 1:47 you can add authentication to a site using what's called token based authentication. 1:48 When a user submit their credentials to log into the website, 1:53 the server responds with a token that allows a user to request various resources 1:56 without submitting their username and password again. 2:02 That token can then be offered to the server with each subsequent request 2:05 to allow the user to gain access to a specific resource. 2:10 If you've ever signed in to a site using your GitHub, Facebook or 2:14 Google account, you've used token-based authentication. 2:17 It's another way of gaining the functionality we achieved with 2:21 sessions and cookies. 2:24 Instead of using a session ID to look in the session object for 2:25 our users information, we can access it from a token generated by the server. 2:29 Two popular approaches to token-based authorization are o-op and 2:34 JSON web tokens. 2:38 You can find more information about each in the teacher's notes. 2:40 Finally, another popular option for 2:44 adding authentication to an express app is Passport. 2:46 Passport is middleware that supports a wide variety of authentication strategies. 2:50 You can include the passport middleware and 2:55 authenticate with a username and password. 2:57 Passport also lets users sign up and log in using third party sites like GitHub, 3:00 Twitter, Facebook, Google, and Instagram among many others. 3:05 After you install the passport package and require it in app.js, you can then 3:09 use the middleware to authenticate with the strategy of your choice. 3:14 There are many options available for 3:18 customizing an authentication strategy with Passport. 3:20 And you can see how to implement Passport via their documentation. 3:23 Check the teachers notes for more information on it and 3:27 a link to a treehouse workshop. 3:29 Now you know more about authentication, sessions, cookies, encryption, and 3:32 how to use Express middleware. 3:36 Thanks for joining me in this course. 3:38 Have fun and keep programming 3:40