Class 11 Class Notes

Erin Trainor edited this page Apr 1, 2019 · 1 revision

OAuth

Authentication != Authorization

Authentication = You are you

Authorization = You have permission to see what you are asking for.

Authorization - Sign Up

Post Information

  • username
  • email
  • password

Hash the password

Store with .save() in mongo

Respond with a json web token (JWT)

  • JWT is an encrypted json object

Authorization - Sign In

Input

  • Form/json/header
    • auth: basic
    • uses post - because you are CREATING a session

Decrypt the password

Compare with the database by hashing what comes back

Check if the password matches what is stored and take action based on the result
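
The sign-up and sign-in flows above, as an added example that is not part of the original notes. To run without installing anything it uses Node's built-in crypto module: scryptSync stands in for bcrypt, a Map for the Mongo collection, and a hand-built HS256 token for the jsonwebtoken package. The secret, the user store, and all function names are assumptions.

```javascript
// Added example, not from the class notes. Built-in crypto only:
// scryptSync stands in for bcrypt, a Map for Mongo, hand-built HS256 for jsonwebtoken.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: loaded from .env in a real app
const users = new Map(); // stand-in for the Mongo users collection
const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

function hashPassword(password, salt = crypto.randomBytes(16).toString("hex")) {
  return `${salt}:${crypto.scryptSync(password, salt, 32).toString("hex")}`;
}

function checkPassword(password, stored) {
  const rehashed = hashPassword(password, stored.split(":")[0]); // reuse the stored salt
  return crypto.timingSafeEqual(Buffer.from(rehashed), Buffer.from(stored));
}

function signToken(claims) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims)); // encoded, not hidden: keep secrets out
  return `${head}.${body}.${hmac(`${head}.${body}`).toString("base64url")}`;
}

function verifyToken(token) {
  const [head, body, sig = ""] = String(token).split(".");
  const want = hmac(`${head}.${body}`);
  const got = Buffer.from(sig, "base64url");
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  return JSON.parse(Buffer.from(body, "base64url").toString());
}

// Sign up: store only the salted hash, respond with a token.
function signUp({ username, email, password }) {
  if (users.has(username)) return null;
  users.set(username, { email, passwordHash: hashPassword(password) });
  return signToken({ sub: username });
}

// Sign in: decode "Basic base64(username:password)", re-hash, compare.
function signIn(authHeader) {
  const [scheme, encoded = ""] = String(authHeader).split(" ");
  const decoded = Buffer.from(encoded, "base64").toString();
  const i = decoded.indexOf(":"); // split on the first ':' only
  const username = decoded.slice(0, i);
  const user = users.get(username);
  if (scheme !== "Basic" || i < 0 || !user) return null;
  return checkPassword(decoded.slice(i + 1), user.passwordHash) ? signToken({ sub: username }) : null;
}
```

A token whose payload is edited after signing fails verifyToken, while the payload of a valid token can be read by anyone holding it.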

Packages to Install

Express

Mongoose - connects to the server

Jsonwebtoken - makes a JWT

bcrypt - does the hashing

dotenv

.env file

port

MongoDB URI

in the router

need options to make mongo deprecation warning go away