[Stephen Grider] Microservices with Node JS and React [ENG, 2020]

09. Authentication Strategies and Options


01. Fundamental Authentication Strategies



02. Huge Issues with Authentication Strategies



03. So Which Option



04. Solving Issues with Option #2



05. Reminder on Cookies vs JWT's



06. Microservices Auth Requirements


07. Issues with JWT's and Server Side Rendering



08. Cookies and Encryption


09. Adding Session Support

$ cd app/auth
$ npm install --save cookie-session @types/cookie-session

10. Generating a JWT

$ cd app/auth
$ npm install --save jsonwebtoken @types/jsonwebtoken

$ curl \
--insecure \
--cookie-jar /tmp/cookies.txt \
--data '{"email":"marley6@example.com", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST https://ticketing.dev/api/users/signup \
| python -m json.tool

11. JWT Signing Keys

$ cat /tmp/cookies.txt

#HttpOnly_ticketing.dev	FALSE	/	TRUE	0	express:sess	eyJqd3QiOiJleUpoYkdjaU9pSklVekkxTmlJc0luUjVjQ0k2SWtwWFZDSjkuZXlKcFpDSTZJalZsWWpVMk56RmpPV0kwTmpObU1ERmhPVGN5TWprME5TSXNJbVZ0WVdsc0lqb2liV0Z5YkdWNU5rQmxlR0Z0Y0d4bExtTnZiU0lzSW1saGRDSTZNVFU0T0RrME5qY3hObjAuS3ZzV2NLbVN6VmNlWEhrdFFNNnU3cGtxWlFETVU2NC0tMGlPWTlVcE5mQSJ9

The columns are curl's Netscape cookie-file format: domain, include-subdomains flag, path, Secure flag (TRUE here, so the cookie is only sent over HTTPS), expiry (0 means a session cookie), cookie name, cookie value. The #HttpOnly_ prefix records the HttpOnly attribute, so page scripts cannot read it.

Base64-decode the cookie value (for example at https://www.base64decode.org/). The cookie is only encoded, not encrypted, so this needs no key:

{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlYjU2NzFjOWI0NjNmMDFhOTcyMjk0NSIsImVtYWlsIjoibWFybGV5NkBleGFtcGxlLmNvbSIsImlhdCI6MTU4ODk0NjcxNn0.KvsWcKmSzVceXHktQM6u7pkqZQDMU64--0iOY9UpNfA"}

Paste the JWT into https://jwt.io/ and enter the signing key 'asdf' (the JWT_KEY stored in section 13). The payload is readable without any key; the key only tells jwt.io whether the signature is valid.

decoded payload:


{
  "id": "5eb5671c9b463f01a9722945",
  "email": "marley6@example.com",
  "iat": 1588946716
}


12. Securely Storing Secrets with Kubernetes



13. Creating and Accessing Secrets

$ kubectl create secret generic jwt-secret --from-literal=JWT_KEY=asdf

$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-dmr6t   kubernetes.io/service-account-token   3      2d9h
jwt-secret            Opaque                                1      7s

14. Accessing Env Variables in a Pod
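The manifest below is an added example, not the course's own deployment file, showing how a pod reads the jwt-secret created in section 13 as the JWT_KEY environment variable. The Deployment name, container name and image are assumptions for the example; only the secret name and key come from the kubectl command above.

```yaml
# Added example: a Deployment for the auth service that takes JWT_KEY from the
# jwt-secret created with `kubectl create secret generic jwt-secret ...`.
# Deployment name, container name and image are placeholders for this example.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth-depl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: auth
  template:
    metadata:
      labels:
        app: auth
    spec:
      containers:
        - name: auth
          image: example/auth:latest
          env:
            - name: JWT_KEY
              valueFrom:
                secretKeyRef:
                  name: jwt-secret   # the Secret object
                  key: JWT_KEY       # the key inside it (--from-literal=JWT_KEY=...)
```

The manifest references the secret by name only, so the key never appears in source control. Two caveats: a Secret created with --from-literal is stored base64-encoded, not encrypted, unless encryption at rest is configured for the cluster, and anyone who can read Secrets in the namespace or exec into the pod can read the key. The value asdf is a placeholder for the course; generate a real key with something like `openssl rand -base64 32` before the service runs anywhere that matters, and rotate it if it is ever committed.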


15. Common Response Properties


16. Formatting JSON Properties

$ curl \
--data '{"email":"marley7@example.com", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST http://ticketing.dev/api/users/signup \
| python -m json.tool

response:

{
    "email": "marley7@example.com",
    "id": "5eb5997b5fcfb902b17eefc6"
}

17. The Signin Flow


18. Common Request Validation Middleware


19. Sign In Logic


20. Quick Sign In Test

$ curl \
--data '{"email":"marley7@example.com", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST http://ticketing.dev/api/users/signin \
| python -m json.tool

response:

{
    "email": "marley7@example.com",
    "id": "5eb5997b5fcfb902b17eefc6"
}

21. Current User Handler


22. Returning the Current User

# SIGN UP (stores the express:sess cookie in the jar)
$ curl \
--insecure \
--cookie-jar /tmp/cookies.txt \
--data '{"email":"marley@example.com", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST https://ticketing.dev/api/users/signup \
| python -m json.tool

# SIGN IN (the response sets a fresh express:sess cookie too; add --cookie-jar to capture it)
$ curl \
--data '{"email":"marley@example.com", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST http://ticketing.dev/api/users/signin \
| python -m json.tool

# GET CURRENT USER (sends the cookie saved at sign-up)
$ curl \
--insecure \
--cookie /tmp/cookies.txt \
--header "Content-Type: application/json" \
--request GET https://ticketing.dev/api/users/currentuser \
| python -m json.tool

response:

{
    "currentUser": {
        "email": "marley@example.com",
        "iat": 1588965708,
        "id": "5eb5b14c97bd760b4fc2c798"
    }
}

23. Signing Out


24. Creating a Current User Middleware



25. Augmenting Type Definitions


26. Requiring Auth for Route Access




Marley

Any questions in English: Telegram Chat
Any questions in Russian: Telegram chat