When building an application that allows users to have accounts, you have to ensure that access to these accounts is secure. When building a user account system, an important factor to keep in mind is how passwords are stored. Storing passwords as plain text is a complete rookie move that leaves your users vulnerable to all sorts of data breaches.
The best way to protect passwords is to employ hashing and salting and in this tutorial, we’ll show you exactly how to do this. We’ll also show you how to generate JSON Web Tokens (JWT) on a Node.js server backend that can be used to authenticate and authorize users, as well as how to store those tokens on the client NativeScript application.Read More
If you’ve been keeping up, you’ll remember I released a very popular tutorial titled, Getting Started with GraphQL Using Golang which was more or less a quick-start to using GraphQL in your web applications. Since then, I demonstrated an alternative way to work with related data in a tutorial titled, Maintain Data Relationships Through Resolvers with GraphQL in a Golang Application. Both articles are great, but they left out an important feature that most modern APIs must have. Most modern APIs must have a way to authorize particular users to access only certain pieces of data and not all data offered by the service.
One of the most popular ways to enforce some kind of authorization in an application is through the use of JSON web tokens (JWT). Users authenticate with a service and the service responds with a JWT to be used in every future request so that way the password is kept safe. The service can then validate the JWT to make sure it is correct and not expired.
We’re going to see how to protect particular GraphQL properties as well as entire queries using JSON web tokens and the Go programming language.Read More
So you started playing around with GraphQL and Node.js. Did you happen to get up to speed with my previous tutorial titled, Getting Started with GraphQL Development Using Node.js? Regardless on how you’ve jumped into GraphQL, you’re probably at a time where you need to figure out how to protect certain queries or pieces of data from the general public through some kind of permissions or roles.
When building a RESTful API, the common approach to endpoint protection is with JSON web tokens (JWT). In fact, I even wrote a previous tutorial on the subject, but how does that have relevance to GraphQL?
We’re going to take the common JWT approach and apply it towards protecting queries as well as particular pieces of data in a GraphQL API created with Node.js.Read More
Any mobile application that accesses remote data will need authentication at some point in time. There are many different authentication strategies out there, one of which is with Json Web Tokens (JWT) that we explored in one of my previous Node.js articles. With JWT, users can authenticate via username and password, receive a signed token back, and use that token for any future API request rather than continuing to distribute the username and password.
In this tutorial we’re going to explore how to build an Android and iOS mobile application using NativeScript and Angular that authenticates with an API and then uses a Json Web Token for future requests to that same API.Read More
When it comes to API development, there is often a need to protect certain endpoints or rate-limit the API in general. Because you are working with endpoints from clients possibly on a different domain, you can’t authenticate users with sessions and cookies. It would also be a bad idea to pass around a username and password with each request. Typically endpoints are protected with tokens that are passed with each request and these tokens are often JSON Web Tokens (JWT) that work very well.
We’re going to see how to create a very simple API using Node.js with protected endpoints that require a valid JWT in order for requests to succeed.Read More