jodyson24/auth.md

Forked from taniarascia/auth.md

Created June 10, 2020 11:03

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/jodyson24/bea83e24e62bb342dac25c4b705da8bc.js"></script>
Save jodyson24/bea83e24e62bb342dac25c4b705da8bc to your computer and use it in GitHub Desktop.

Download ZIP

JavaScript Authentication & Authorization Book/Course

Raw

auth.md

JavaScript Authentication & Authorization

Outline of ideas, concepts to cover, potential projects to write.

Setup Idea

Book with a video for each chapter.

Prerequisites/Overview

HTML, CSS, JavaScript
Front end/client side (Browser)
Back end/server side (Node)
REST APIs

Concepts

Authorization (AuthZ)
Authentication (AuthN)
Headers
Sessions
JSON Web Tokens (JWT)
Identity Provider (IDP)
Cross-origin resource sharing (CORS)
Single sign on (SSO)

Vulnerabilities

Cross-site request forgery (CSRF/XSRF)
Cross-site scripting (XSS)

Persistence

Cookies
- HTTP Only/Secure/SameSite
Web Storage
- Local Storage
- Session Storage

Specifications/Protocols/Terms/Standards

OAuth 2.0
OpenID Connect (OIDC)
Proof Key for Code Exchange (PKCE)
System for Cross-domain Identity Management (SCIM)
Role-based access control (RBAC)

Project

Create a full-stack application
- React front end
- Node/Express back end
- Login option 1: OAuth 2.0/OIDC with Google/Twitter/GitHub as the SSO IDP
- Login option 2: custom username/password login
- Ability to associate SSO to an existing user
- Different roles (admin, user, maybe one more)

Topics to Cover

When to use different strategies (for example, PKCE in a client-side only app, session cookies for a BE+FE on the same subdomain, etc).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment