I'm starting up a new project using Couch DB and a react native front end. I was wondering what is the recommended way of doing user authentication. weather it is setting up users in Couch DB or going through, for example, a node server to process user credentials and get a token for them and whatnot. or if there are any other ideas, I'd greatly appreciate that.
CouchDB authentication system is a bit limited:
You can't revoke sessions
It somehow hard to integrate third party authentication (facebook, google+)
Password recovery/reset is not available by default
Since you're building a client application, you can't implement password recovery on the client side. You'll need a backend service that handle this.
It all depends on your need. You can easily start with CouchDB's auth system and add a auth service on top of CouchDB later.
Related
Our tool is a Node.js server / React client running on a network with no external web access.
We would like to add robust user management including:
User definition (name, password, access level)
Password change
Login/Logout
Is there any open source libraries out there that can supply these capabilities?
Passport js library provides a lot of strategies for authentication and authorization without requiring you to reinvent the wheel. You can use any of the databases to store the user's on the backend like MongoDB, Mysql, etc.
It can also talk to inhouse LDAP or auth server API if you decide to do so. All in all, this sounds like a perfect library for you.
Here is a tutorial https://scotch.io/tutorials/easy-node-authentication-setup-and-local
I am used to develop web apps using the Meteor JavaScript framework, which handles authentication. I am now developing for the first time a web app using a Node.js (Express) + GraphQL stack on the backend, with React on the frontend, so I have to handle authentication myself.
I read a lot of things about it, and I like the idea of token based authentication. I am thinking about using JWT, so I don't have to deal with sessions.
I know there are a lot of tutorials, but each one always has a sort of disclaimer like : "this tutorial is not production ready, use it for educational purposes only...". Every time I read something about authentication, it seems to be something so difficult to implement that I shouldn't implement it myself. But I don't want to use services providers like AWS Cognito, Google Cloud Platform because I want to keep my users data in my own system and database. I don't want to be tied to a third party provider.
I know how to generate jwt tokens, refresh tokens, how to verify them, etc... I am able to develop a working auth system, but I am never sure I do it in a secure and production ready way because of all those comments I can read on the Internet.
So, what would you recommend to implement a secured and production ready authentication system in a Node.js server without being tied to a third-party provider. Do you know any complete tutorial or documentation about it?
There are several approaches to implement authentication for an application.
Use a identity server manage by you
Use a fully manage service for authentication.
Use authentication middleware.
Write your own authentication solution.
If you are afraid in vender locking I would suggest to use an authentication middleware like PassportJS which will facilitate the abstraction of authentication strategy with its implementation.
On the otherhand writing your custom authentication can be challenging in terms of security, specially finding snd fixing these vulnerabilities.
How to create a login page and check data's in a database using Rest API in angular 5.I am using Node js and Mysql as my database
There are many moving parts to creating an authentication system, and there are simply too many ways to get it wrong: storing plain-text passwords, not salting hashes, not rate-limiting queries, not having a properly configured TLS certificate, et cetera...
As you are not very familiar with these important concepts, it is highly advisable to use a 3rd-party OAuth2 provider in order to provide user authentication.
I repeat: I highly discourage implementing your own login page/fields and authentication methods for limiting database access.
As an example, take a look at this following option of using Google as an OAuth2 provider in your NodeJS application.
I'm attempting to create a simple Hybrid Application with native API using Cordova.
I think to use a simple REST API remote to retrieve user information.
First time users have to register into server to gain account, and then the app could manage all user's api via AJAX calls.
Now, I'll appreciate your opinions and suggestions about:
I thought use LARAVELL to manage routing and authentication: there's some contraindication to this approach?
(and principal question): I've no advanced notions about security... so someone can suggest how to manage security data and remote login?
For example: store user password and username to localStorage, and send username + token to remote DB.
My problem is how implement security when make remote REST call, that is how pass data for remote connection.
I hope my questions are understandable...
Thanks
Found complete tutorial to my answer, via JWT and access tokens.
The link is:
https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps
Very very powerful!
Hope help someone,
I wish to extract login details entered into a web interface and alter them before they reach the database server. This is for a project where the intention is to create an app that allows for more secure passwords that are salted and hashed (for use on legacy systems).
I have created a WAMP server and have the webpages and database linked and operational.
I have written a Java app to make the required changes to the passwords.
Problem
I thought I could use RESTful services to extract the username and password, but it didn't work.
Is there any app that will allow me to do this?
I'm apprehensive to stage a Man in the Middle attack as it kind of defeats the purpose of making the system more secure. Thanks