1
00:00:00,000 --> 00:00:09,360
[MUSIC]

2
00:00:09,360 --> 00:00:13,690
Hello, Alena here to talk about authentication and security.

3
00:00:13,690 --> 00:00:18,790
Security is a huge topic, not only because of its importance but

4
00:00:18,790 --> 00:00:21,790
also because there are so many different pieces.

5
00:00:21,790 --> 00:00:24,660
Before we start, I wanna let you in on a little secret.

6
00:00:25,790 --> 00:00:31,510
Security is always changing, so everyone is continuously learning.

7
00:00:31,510 --> 00:00:35,780
This means you're in a great position because you know how to learn.

8
00:00:35,780 --> 00:00:39,310
And if you'd like even more ideas for getting the most out of your learning,

9
00:00:39,310 --> 00:00:42,330
check out our How to Learn series, I'll link to it in the notes.

10
00:00:43,880 --> 00:00:46,460
Because security is always changing,

11
00:00:46,460 --> 00:00:50,670
one of the most important tools you'll be using is refactoring.

12
00:00:50,670 --> 00:00:54,760
Refactoring is the process of restructuring your code

13
00:00:54,760 --> 00:00:57,960
without changing the external behaviours.

14
00:00:57,960 --> 00:01:01,030
Developers use refactoring all the time,

15
00:01:01,030 --> 00:01:06,060
as technology is constantly changing, and security is no different.

16
00:01:06,060 --> 00:01:10,310
As you continue to learn more and security continues to evolve,

17
00:01:10,310 --> 00:01:15,120
you'll need to keep your code and the packages you use up-to-date.

18
00:01:15,120 --> 00:01:19,190
The project we'll be working on today is a book site,

19
00:01:19,190 --> 00:01:25,220
it already has a functional, session-based authentication and authorisation system.

20
00:01:25,220 --> 00:01:29,320
We won't be changing the behaviour of the project, instead,

21
00:01:29,320 --> 00:01:35,660
we'll be refactoring to increase security by using cookies and JSON web tokens.

22
00:01:35,660 --> 00:01:37,719
To get the most out of this course,

23
00:01:37,719 --> 00:01:41,494
you should already understand the basics of authentication.

24
00:01:41,494 --> 00:01:45,716
If you haven't learned the basics yet, or if you need a refresher,

25
00:01:45,716 --> 00:01:48,545
check the notes associated with this video.

26
00:01:48,545 --> 00:01:53,160
The technologies we'll be using in this course are cookies and tokens.

27
00:01:53,160 --> 00:01:56,970
We'll be using them together for our authentication system, but

28
00:01:56,970 --> 00:01:59,870
these technologies can be used independently of each other.

29
00:02:01,050 --> 00:02:05,420
Cookies are a way for a browser to store information, this can be

30
00:02:05,420 --> 00:02:10,360
anything from a language preference to how a visitor found out about the site.

31
00:02:10,360 --> 00:02:15,080
Cookies are used on any type of site, even ones that don't use authentication.

32
00:02:16,220 --> 00:02:21,270
Tokens are a stand-in, or representation for something else.

33
00:02:21,270 --> 00:02:26,717
In the real world, this may be a keycard that lets you access a building,

34
00:02:26,717 --> 00:02:32,438
or a wedding ring that represents your vows, both of these are a type of token.

35
00:02:32,438 --> 00:02:37,760
In the same way, a token in software represents something else,

36
00:02:37,760 --> 00:02:40,289
such as user authentication.

37
00:02:40,289 --> 00:02:45,295
A user would log into a system once, and then be presented with a token,

38
00:02:45,295 --> 00:02:49,850
which would then be used for all further requests.

39
00:02:49,850 --> 00:02:56,240
Tokens can be given a time limit, also shared between sites, and destroyed or

40
00:02:56,240 --> 00:03:01,980
reissued at any time without requiring a user to update their username or password.

41
00:03:03,060 --> 00:03:08,260
Tokens are stored on a user's device, but they do not need to be stored in a cookie.

42
00:03:08,260 --> 00:03:12,070
They may be used on a mobile device using local storage.

43
00:03:12,070 --> 00:03:14,690
Whether you use cookies and tokens together or

44
00:03:14,690 --> 00:03:19,170
separate, this course will show you how to work with each of those technologies

45
00:03:19,170 --> 00:03:20,840
to build the solution you need.