Giter VIP home page Giter VIP logo

bearer-auth's Introduction

Bearer Authorization

Created by Ryan Emmans

Summary of Problem Domain

Phase 1 Requirements

As a user, I want to create a new account so that I may later login

  • Using a tool such as httpie, postman, or a web form:
    • Make a POST request to the/signup route with username and password
    • Your server should support both JSON and FORM data as input
    • On a successful account creation, return a 201 status with the user object in the body
    • On any error, trigger your error handler with an appropriate error

As a user, I want to login to my account so that I may access protected information

  • Using a tool such as httpie, postman, or a web form:
    • Make a POST request to the /signin route
    • Send a basic authentication header with a properly encoded username and password combination
    • On a successful account login, return a 200 status with the user object in the body
    • On any error, trigger your error handler with the message “Invalid Login”

Phase 2 Requirements

Any user that has successfully logged in using basic authentication (username and password) is able to continuously authenticate … using a “token”

As a user, I want to obtain a token after I signin, so that I can re-authenticate

  • Using a tool such as httpie, postman, or a web form:
    • Following a POST to /signup to create an account (or) Following a POST to `/signin with basic authorization

      • Send a response to the client with the proper status code along with an object with the following properties

        {
  user: {
    _id: 'ID FROM DB',
    username: 'myusername'
  },
  token: 'JWT Token Here'
}

As a user, I want to use my token to access routes that require a valid user

  • Using httpie or postman, send a request to a “protected” route, such as /secretstuff
    • Your request must send an “Authorization” header, with the value of Bearer TOKEN
      • TOKEN is the token that you would have returned to the user after their signin step (above)
    • If the TOKEN is valid (i.e. if it represents an actual user) The route should function as it normally would (sending a response)
    • If not
      • Send the user an error message stating “Invalid Login”

As the website owner, I want our token system to be as secure as possible so that our users can feel safe when logging in

  • Research ways to “secure” our JWT Tokens
  • Implement one or more methods to secure our login tokens

Links to application deployment

UML

Bearer Authentication UML

Routes

  • POST route for /signup
    • Accepts either a JSON object or FORM Data with the keys “username” and “password”.
    • Creates a new user record in a Postgres database.
    • Returns a 201 with the created user record.
  • POST route for /signin
    • Use your basic authentication middleware to perform the actual login task.
    • router.post('/signin', basicAuth, (req,res) => {});
    • When validated, send a JSON object as the response with the following properties:
      • user: The users’ database record
  • GET route for /secret

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.