Web Authentication
Intro
👨‍💼 Hello, my name is Peter the Product Manager. I'm here to help you get
oriented and to give you your assignments for the day. We're going to have you
working on authentication for the Epic Notes app today.
So far any user can edit all the notes, even if they're not logged in! Obviously
we need to give users an opportunity to create accounts and then lock down their
data to their account. Throughout the workshop, you'll learn important
foundational skills of full stack development like:
- Storing user preferences in cookies
- Using session storage and the "flash" pattern
- Using cookies to identify users
- Managing and safely storing passwords
- Securely validating passwords
- Managing logout and session expiration ("remember me")
- Locking down UI and backend routes
- Supporting Role-Based Access Control (RBAC)
- Supporting server-managed sessions
- Sending emails to users
- Building cryptographically secure verifications
- Supporting "forgot password" and reset password flows
- Supporting securely changing emails
- Adding two-factor authentication (2FA)
- Verifying 2FA codes
- Securely disabling 2FA
- Supporting OAuth (social login)
- Handling connection errors
- Supporting third-party login
- Managing connections
- Redirecting third-party logins with redirect cookies
It's a big job and there's lots to do, so, let's get started!
Over time, some things in the workshop material may change from the videos you
watch. You can learn about these changes in the CHANGELOG.md file of the repo.
Exercises
- 1. Cookies
- 2. Session Storage
- 3. User Session
- 4. Password Management
- 5. Login
- 6. Logout and Expiration
- 7. Protecting Routes
- 8. Role-Based Access
- 9. Managed Sessions
- 10. Email
- 11. Verification
- 12. Reset Password
- 13. Change Email
- 14. Enable Two Factor Auth
- 15. Verify 2FA Code
- 16. Disable Two Factor Auth
- 17. OAuth
- 18. Connection Errors
- 19. Third Party Login
- 20. Connection Management
- 21. Redirect Cookie