There's even more to explore in the realm of authentication, too much to cover in a single course. However, in this video I'll highlight some different options you could use to add authentication to your apps.
Treehouse Workshop
Authentication Resources
-
0:00
Congratulations on creating an authentication system in Node.js
-
0:04
using Express and MongoDB.
-
0:07
Now I've covered a lot of concepts and we've written a lot of code.
-
0:10
There's even more to explore in the realm of authentication.
-
0:14
Too much to cover in a single course.
-
0:16
However, in this video, I'll highlight some different options you could use to add
-
0:19
authentication to your apps.
-
0:21
There is a collection of links in the teacher's notes for
-
0:24
you to reference after this video.
-
0:27
First, I want to make note of how we can improve the security of our application.
-
0:31
When a user is logging in, you don't want their username and
-
0:35
password transferred freely from their browser to your server.
-
0:39
Someone along the way can intercept the traffic and get those credentials.
-
0:43
The same is true when a user signs up, disclosing personal or
-
0:46
financial information.
-
0:48
On any site that uses authentication, you should serve your site via HTTPS.
-
0:54
The S on the end stands for secure because it uses TLS, or transport layer security.
-
1:02
This means that the data being transferred is encrypted.
-
1:05
Which prevents our users' information from being intercepted and deciphered.
-
1:10
In fact, these days many sites use HTTPS for all requests and
-
1:15
responses, not just for form data.
-
1:18
To use HTTPS you'll need to acquire a certificate signed by a trusted source to
-
1:23
verify the security of the website.
-
1:26
You can get a certificate for free from Let's Encrypt.
-
1:29
Check the teacher's notes for a link to their website.
-
1:32
It requires some setup on your server to use your free certificate.
-
1:35
They explain how on their website.
-
1:38
In addition, there are other ways to add authentication to an Express site.
-
1:42
The cookies and sessions method we created is just one way, but
-
1:46
there are many others.
-
1:47
For example,
-
1:48
you can add authentication to a site using what's called token-based authentication.
-
1:53
When a user submits their credentials to log into the website,
-
1:56
the server responds with a token that allows a user to request various resources
-
2:02
without submitting their username and password again.
-
2:05
That token can then be offered to the server with each subsequent request
-
2:10
to allow the user to gain access to a specific resource.
-
2:14
If you've ever signed in to a site using your GitHub, Facebook or
-
2:17
Google account, you've used token-based authentication.
-
2:21
It's another way of gaining the functionality we achieved with
-
2:24
sessions and cookies.
-
2:25
Instead of using a session ID to look in the session object for
-
2:29
our user's information, we can access it from a token generated by the server.
-
2:34
Two popular approaches to token-based authorization are OAuth and
-
2:38
JSON web tokens.
-
2:40
You can find more information about each in the teacher's notes.
-
2:44
Finally, another popular option for
-
2:46
adding authentication to an Express app is Passport.
-
2:50
Passport is middleware that supports a wide variety of authentication strategies.
-
2:55
You can include the Passport middleware and
-
2:57
authenticate with a username and password.
-
3:00
Passport also lets users sign up and log in using third party sites like GitHub,
-
3:05
Twitter, Facebook, Google, and Instagram among many others.
-
3:09
After you install the passport package and require it in app.js, you can then
-
3:14
use the middleware to authenticate with the strategy of your choice.
-
3:18
There are many options available for
-
3:20
customizing an authentication strategy with Passport.
-
3:23
And you can see how to implement Passport via their documentation.
-
3:27
Check the teacher's notes for more information on it and
-
3:29
a link to a Treehouse workshop.
-
3:32
Now you know more about authentication, sessions, cookies, encryption, and
-
3:36
how to use Express middleware.
-
3:38
Thanks for joining me in this course.
-
3:40
Have fun and keep programming.