{"id":20365718,"url":"https://github.com/hackyourfuture/authentication","last_synced_at":"2026-05-21T16:46:17.489Z","repository":{"id":74101930,"uuid":"74269845","full_name":"HackYourFuture/Authentication","owner":"HackYourFuture","description":"Notes on authentication - how to think about it and what options are available","archived":false,"fork":false,"pushed_at":"2017-05-17T13:51:58.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":40,"default_branch":"master","last_synced_at":"2024-04-13T19:22:57.499Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HackYourFuture.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-20T11:34:32.000Z","updated_at":"2022-11-20T19:31:38.000Z","dependencies_parsed_at":"2023-04-09T18:47:14.149Z","dependency_job_id":null,"html_url":"https://github.com/HackYourFuture/Authentication","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/HackYourFuture/Authentication","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackYourFuture%2FAuthentication","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackYourFuture%2FAuthentication/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackYourFuture%2FAuthentication/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackYourFuture%2FAuthentication/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HackYourFuture","download_url":"https://codeload.github.com/HackYourFuture/Authentication/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackYourFuture%2FAuthentication/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33307369,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-21T12:23:38.849Z","status":"ssl_error","status_checked_at":"2026-05-21T12:22:11.673Z","response_time":62,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T00:19:42.993Z","updated_at":"2026-05-21T16:46:17.472Z","avatar_url":"https://github.com/HackYourFuture.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Authentication\nNotes on authentication - how to think about it and what options are available\n\n## What is it?\nAuthentication is the process of verifying that a user is who he/she says she is (note that this is different than authorization which determines if a user is allowed to access a resource).\n\n## Best practice\nCurrent best practice - use JWT (https://jwt.io/introduction/)\nTry to use an existing framework. Do not make your own authentication scheme - it is harder than you think.\nFor front end use this NPM https://www.npmjs.com/package/jsonwebtoken (`npm install --save jsonwebtoken`)\n\n## Authentication overview\n### Basic flow\n1) Enter your credentials (username or email and password)\n2) Make HTTPS request containing this data to backend\n3) Check that username and password match\n4) Return user id and any other data and store token in LocalStorage\n\n### LocalStorage\nAbout LocalStorage (https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage)\nTokens stored in LocalStorage are DOMAIN SPECIFIC - that means \"stuff\" stored in LocalStorage for Facebook.com is not visible to Google.com\nThe token will remain in storage (not the user profile)\n\n### Backend endpoints required\n`/your_app/auth/email` - first request to get token\n\nUsing bcrypt (encryption to store your passwords securely in database)\n\u003cbr\u003ehttps://www.npmjs.com/package/bcrypt-nodejs\n\nEncoding and decoding JWTs\n\u003cbr\u003ehttps://github.com/auth0/node-jsonwebtoken\n\nStoring JWT web toekns\n\u003cbr\u003ehttps://github.com/grevory/angular-local-storage\n\n\n### Implementation\n\n- NOTE that every request to your app MUST be authenticated - how do we do this?\nInclude the token in headers of every request (more info about headers - http://stackoverflow.com/questions/1268673/set-a-request-header-in-javascript)\n\n- Check that the token is valid on every request\n\n- If the token is valid allow the request (return status code 200)\n\n- If the token is not valid - do not allow the request to continue and return the appropriate response code (on the front end redirect the user to the login page so that they can try again)\n\n### Other resources\n- http://www.restapitutorial.com/httpstatuscodes.html\n- https://en.wikipedia.org/wiki/List_of_HTTP_status_codes\n- http://stackoverflow.com/questions/1268673/set-a-request-header-in-javascript\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackyourfuture%2Fauthentication","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhackyourfuture%2Fauthentication","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackyourfuture%2Fauthentication/lists"}