There's even more to explore in the realm of authentication, too much to cover in a single course. However, in this video I'll highlight some different options you could use to add authentication to your apps.
0:00 Congratulations on creating an authentication system in Node.js
0:04 using Express and MongoDB.
0:07 Now I've covered a lot of concepts and we've written a lot of code.
0:10 There's even more to explore in the realm of authentication.
0:14 Too much to cover in a single course.
0:16 However, in this video, I'll highlight some different options you could use to add
0:19 authentication to your apps.
0:21 There is a collection of links in the teacher's notes for
0:24 you to reference after this video.
0:27 First, I want to make note of how we can improve the security of our application.
0:31 When a user is logging in, you don't want their username and
0:35 password transferred freely from their browser to your server.
0:39 Someone along the way can intercept the traffic and get those credentials.
0:43 The same is true when a user signs up, disclosing personal or
0:46 financial information.
0:48 On any site that uses authentication, you should serve your site via HTTPS.
0:54 The S on the end stands for secure because it uses TLS, or Transport Layer Security.
1:02 This means that the data being transferred is encrypted,
1:05 which prevents our users' information from being intercepted and deciphered.
1:10 In fact, these days many sites use HTTPS for all requests and
1:15 responses, not just for form data.
1:18 To use HTTPS you'll need to acquire a certificate signed by a trusted source to
1:23 verify the security of the website.
1:26 You can get a certificate for free from Let's Encrypt.
1:29 Check the teacher's notes for a link to their website.
1:32 It requires some setup on your server to use your free certificate.
1:35 They explain how on their website.
1:38 In addition, there are other ways to add authentication to an Express site.
1:42 The cookies and sessions method we created is just one way, but
1:46 there are many others.
1:47 For example,
1:48 you can add authentication to a site using what's called token-based authentication.
1:53 When a user submits their credentials to log into the website,
1:56 the server responds with a token that allows a user to request various resources
2:02 without submitting their username and password again.
2:05 That token can then be offered to the server with each subsequent request
2:10 to allow the user to gain access to a specific resource.
2:14 If you've ever signed in to a site using your GitHub, Facebook or
2:17 Google account, you've used token-based authentication.
2:21 It's another way of gaining the functionality we achieved with
2:24 sessions and cookies.
2:25 Instead of using a session ID to look in the session object for
2:29 our user's information, we can access it from a token generated by the server.
2:34 Two popular approaches to token-based authorization are OAuth and
2:38 JSON Web Tokens.
2:40 You can find more information about each in the teacher's notes.
2:44 Finally, another popular option for
2:46 adding authentication to an Express app is Passport.
2:50 Passport is middleware that supports a wide variety of authentication strategies.
2:55 You can include the Passport middleware and
2:57 authenticate with a username and password.
3:00 Passport also lets users sign up and log in using third-party sites like GitHub,
3:05 Twitter, Facebook, Google, and Instagram, among many others.
3:09 After you install the passport package and require it in app.js, you can then
3:14 use the middleware to authenticate with the strategy of your choice.
3:18 There are many options available for
3:20 customizing an authentication strategy with Passport.
3:23 And you can see how to implement Passport via their documentation.
3:27 Check the teacher's notes for more information on it and
3:29 a link to a Treehouse workshop.
3:32 Now you know more about authentication, sessions, cookies, encryption, and
3:36 how to use Express middleware.
3:38 Thanks for joining me in this course.
3:40 Have fun and keep programming.