jtw-training

Stars
0
Committers
1
View Code on GitHub
Ecosystems: JavaScript

JSON web token training.

From tutorial.

What is a JWT (Json Web Token)? Compact and self-contained way for securely transmitting information between parties as a JSON object

When is JWT used? Authorization: This is the most common scenario for using JWT. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used across different domains.

What are refresh and access tokens?

  • To gain an access token; refresh token, client id, client secret are required.

  • Refresh token can be used by a third party that can renew the access token without any knowledge of user credentials.

  • If an access token is compromised, because it is short-lived, an attacker has a limited window in which to abuse it. Refresh tokens, if compromised, are useless because the attacker requires the client id & secret and the refresh token in order to gain an access token.

  • Refresh tokens mitigate the risk of a long-lived access_token leaking (query param in a log file on an insecure resource server, beta or poorly coded resource server app, JS SDK client on a non https site that puts the access_token in a cookie, etc).

Running the application

npm i under server folder, then start the server (under server folder, runs on port 4000):

npm start

Sanity test with test.rest file @createUser. It should respond with the new user being added, or rejected because it already exists:

server listening on port 4000
[ { id: 0,
    email: '[email protected]',
    password:
     '$2a$10$KatFuvPCbaSCMnEzPG/n9uV0ueIZMQSh6SJq/dmbhMIGZTOtpvXYe' },
  { id: 1,
    email: '[email protected]',
    password:
     '$2a$10$1KSDN7SET1xEtqAC1rJCjuftf1x5gUrF7wD5NksdYlFsNyM3m9NSi' } ]

Sanity test the rest of the test.rest file top to bottom. You may need vscode REST Client extension.

npm i in the front-end folder, then start the front-end app (under frontend folder, runs on port 3000);

npm start
Related Projects
sample-jwt-webapp

A sample JWT web app that can be use to demonstrate how to escalate permissions by cracking and f...

08 Nov 2017 11
node-idf

Node.js course given in April 2020

18 Apr 2020 0
ember-simple-auth-token

Ember Simple Auth extension that is compatible with token-based authentication like JWT.

24 Aug 2014 348
Express-Dev-Env

The development environment for Express, mongoose and graphgl with Front end boiler plates

12 Dec 2018 0
Socio-Konnect

This is a fun project which enables Simultaneous Posting by Users on different platforms like Fac...

13 Jan 2019 6
node-express-fast-progress

This generator will help you to build your own Node.js Express API

20 Aug 2019 3
node-express-mongodb-jwt-rest-api-skeleton

This is a basic API REST skeleton written on JavaScript using async/await. Great for building a s...

11 Sep 2018 898
crowdsourcing-anything

Crowdsourcing from your user for anything

23 Dec 2020 1