🔐 Web Authentication

Intro

👨‍💼 Hello, my name is Peter the Product Manager. I'm here to help you get oriented and to give you your assignments for the day. We're going to have you working on authentication for the Epic Notes app today.
So far, any user can edit all the notes, even if they're not logged in! Obviously we need to give users an opportunity to create accounts and then lock down their data to their account. Throughout the workshop, you'll learn important foundational skills of full stack development like:
  1. Storing user preferences in cookies
  2. Using session storage and the "flash" pattern
  3. Using cookies to identify users
  4. Managing and safely storing passwords
  5. Securely validating passwords
  6. Managing logout and session expiration ("remember me")
  7. Locking down UI and backend routes
  8. Supporting Role-Based Access Control (RBAC)
  9. Supporting server-managed sessions
  10. Sending emails to users
  11. Building cryptographically secure verifications
  12. Supporting "forgot password" and reset password flows
  13. Supporting securely changing emails
  14. Adding two-factor authentication (2FA)
  15. Supporting verifying 2FA codes
  16. Securely disabling 2FA
  17. Supporting OAuth (social login)
  18. Handling connection errors
  19. Supporting third-party login
  20. Connection management
  21. Redirecting third-party logins with redirect cookies
It's a big job and there's lots to do, so let's get started!
Over time, some things in the workshop material may change from what you see in the videos. You can learn about these changes in the CHANGELOG.md file of the repo.