Giter VIP home page Giter VIP logo

expressjwtcookiesoauth's Introduction

expressJWTcookiesOAuth

Just a simple example of https+express+passport, merely with an academic purpose.

In order to configure the HTTPs server, you need a certificate and a private key in PEM format. Where to find those files is configured in config/tls/config.js. By default, it is expecting to find the private key in config/tls/privkey.pem and the certificate in config/tls/cert.pem.

All the session information is stored in a JWT on the client side (sessionless passport). In order to minimize the code, as the client is a browser, we will use cookies for token storage (on the client) and exchange (between client and server). JWT and cookies configuration options are stored in config/tokenNCookies. You MUST revisit that file. Please note that the server's secret for 'signing' (HMACing) the token is one of the options, so be careful if you are syncing that file with an online repository.

User login can be performed with two strategies:

  1. Standard username/password. The server stores bcrypt-ed passwords that are checked against the user-provided one. For the sake of simplicity, no DB is used and two example users are hardcoded in config/users.js. You can create new bcrypt-ed passwords using the provided script tools/bcrypt.js. The salt value is randomly chosen and the number of rounds defaults to 13 but can be set to any value as a second argument; e.g. for password hello123:
$ node bcrypt.js hello123
$2b$13$x2B9adECo7EkKuDbujJe1unW3icISCctreasFOJFiLyyWUdDOO9zu
$ node bcrypt.js hello123 16
$2b$16$ZiY1yscail4V72CYP1IK3uaC3owprKpLftbHCutDvCVxKSlYVe6qW
  1. GitHub using the OAuth 2.0 API. Login with a GitHub account. You must register first an application with GitHub. If you have not already done so, a new application can be created at developer applications within GitHub's settings panel. Your application will be issued a client ID and client secret, which need to be provided to the strategy. You will also need to configure a callback URL which matches the route in your application. In this example there is already a route for the callback URL listening on /auth/github/callback. Once you have all the required data, you have to create a file config/IdP/github.js with the following contents:
module.exports = {
   clientID: '<yourClientId>',
   clientSecret: '<yourClientSecret>',
   callbackURL: 'https://<yourDomain>[:<yourPort>]/auth/github/callback'
};

expressjwtcookiesoauth's People

Contributors

dependabot[bot] avatar juanelas avatar

Stargazers

avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.