About a week ago I had written about using HTTPS with Node.js and hinted at hardware based two-factor authentication as my reason for needing it. In case you’re unfamiliar with 2FA, there are numerous approaches ranging from HMAC-based one-time passwords (HOTP) and time-based one-time passwords (TOTP) which are software based, to the hardware based universal two-factor (U2F) standard.
If you’ve been keeping up with the blog, you’ll remember I had written a tutorial titled, Implement 2FA with Time-Based One-Time Passwords in a Node.js API, which focused on the software side of things. I recently picked up some YubiKey dongles and thought I’d try my luck with the hardware side of things.
In this tutorial, we’re going to see how to implement U2F functionality in our Node.js powered RESTful API and interact with the API and our hardware dongles using jQuery in the web browser.
You’re about to release your new Angular web app. It’s a photo sharing site and you want to test it, so you send a link to it to your hacker sister. She’s always messing with your stuff and she found out the URL to your admin page you added to your web app. Before you know it, she’s flushed your database using a button on that admin page that you didn’t restrict access to. Not a problem when using development data - but I’m sure your users wouldn’t be any too keen on a service where they lost all of their data. Let’s fix that.
More than a year ago, before I started using Angular, I had written a tutorial on the topic of fingerprint authentication in a core NativeScript application. Since then, I’m doing almost all of my mobile development with Angular which means that the previous article deserves an upgrade.
I recently released a mobile application called Solar Flare for Cloudflare that protects your account with device level fingerprint authentication. We’re going to see how I included fingerprint authentication, sometimes referred to as touch id, in a NativeScript with Angular application.
Most, not all, mobile applications have some sense of users having accounts. This means that users need to register and sign into most mobile applications to get all the features the application has to offer. So how do you create an attractive and functional login and registration screen for your Android and iOS application?
We’re going to see how to create a registration and login screen with NativeScript and Angular that will get you to an end result of a protected page within your application.
Not too long ago I wrote about authenticating within a Node.js API using JSON Web Tokens (JWT). The basis of the example is around authenticating via a username and password and receiving a JWT for every future request against the API. While that example is incredibly useful and follows best practice, it doesn’t cover the scenario where you’d like to have a two-factor authentication (2FA) option for your users. In case you’re unfamiliar, 2FA is a second layer of protection for accounts made possible by a time-based token generated by a shared secret key.
We’re going to see how to add a two-factor authentication option to our Node.js API while continuing to use JSON Web Tokens.
We’re going to see how to create a backend API that creates and validates JSON Web Tokens using the Go programming language. This will teach us how to create an API that offers an authentication mechanism outside of sessions and cookies, which typically are not available when working with an API.
Any mobile application that accesses remote data will need authentication at some point in time. There are many different authentication strategies out there, one of which is with JSON Web Tokens (JWT) that we explored in one of my previous Node.js articles. With JWT, users can authenticate via username and password, receive a signed token back, and use that token for any future API request rather than continuing to distribute the username and password.
In this tutorial we’re going to explore how to build an Android and iOS mobile application using NativeScript and Angular that authenticates with an API and then uses a JSON Web Token for future requests to that same API.