This is a talk given at CharmCityJS on May 2nd 2018.
Chances are that sooner or later your shiny new single page application will need authentication. Add some security and resource access control to that list as well. But how can we integrate all of this into a single page application that is entirely public? How can we ensure that our users only have access to the resources they are authorized to use, and cannot hack their way in via the console? In this talk, attendees will learn about JSON Web Tokens (JWT) and see how they can be used to properly secure single page applications.
12. What’s wrong with traditional auth?
- Multiple platforms connecting to your application
- Tightly coupled
- Sharing credentials to connect to another API
- Users have a gazillion passwords to remember, which increases security risks
31. Validate a JWT
@joel__lord, CharmCityJS

var jwt = require('jsonwebtoken');
// the token shown on the slide (header.payload.signature)
var token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSm9lbCBMb3JkIiwiaWF0IjoxNTI1MTc2NDI3fQ.V89hohVfp1uVNfunkpdlewNyvGCX5iPPxe1YpM-RqRg';
// verify a token
var data = jwt.verify(token, 'secret');
console.log(data);

Decoded payload:
{
  "name": "Joel Lord",
  "iat": 1525176427
}
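
What verifying an HS256 token like the one on this slide involves, written out with Node's built-in crypto module. This is an added example, not code from the talk or from the jsonwebtoken library; the function names, the demo key and the sample tokens are constructed for illustration.

```javascript
// Added example: HS256 JWT verification using only Node's built-in crypto.
const nodeCrypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

function hmac(signingInput, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(signingInput).digest();
}

// Builds a token so the example runs offline (constructed sample data).
function signHS256(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

function verifyHS256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;

  // Pin the algorithm: the token's own header must not choose how it is checked.
  let alg;
  try { alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg; }
  catch (e) { throw new Error('malformed header'); }
  if (alg !== 'HS256') throw new Error('unexpected alg');

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  // Only after the signature checks out is the payload parsed and returned.
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Returns the rejection reason, or null if the token was accepted.
function rejects(token, secret) {
  try { verifyHS256(token, secret); return null; } catch (e) { return e.message; }
}

const SECRET = 'constructed-demo-key'; // assumption: demo key, not the talk's
const good = signHS256({ name: 'Joel Lord', iat: 1525176427 }, SECRET);
const [h, , s] = good.split('.');
// Same header and signature, payload edited client-side: must be rejected.
const forged = `${h}.${b64url(JSON.stringify({ name: 'Someone Else', iat: 1525176427 }))}.${s}`;
console.log(verifyHS256(good, SECRET), rejects(forged, SECRET));
```

The payload is only base64url-encoded, so anyone holding the token can read it or edit it in the console; the signature check is what makes the server reject the edited copy.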