When building an application that allows users to have accounts, you have to ensure that access to these accounts is secure. When building a user account system, an important factor to keep in mind is how passwords are stored. Storing passwords as plain text is a complete rookie move that leaves your users vulnerable to all sorts of data breaches.
The best way to protect passwords is to employ hashing and salting, and in this tutorial, we’ll show you exactly how to do this. We’ll also show you how to generate JSON Web Tokens (JWT) on a Node.js server backend that can be used to authenticate and authorize users, as well as how to store those tokens on the client NativeScript application.
If you’ve been keeping up, you’ll remember I released a very popular tutorial titled, Getting Started with GraphQL Using Golang which was more or less a quick-start to using GraphQL in your web applications. Since then, I demonstrated an alternative way to work with related data in a tutorial titled, Maintain Data Relationships Through Resolvers with GraphQL in a Golang Application. Both articles are great, but they left out an important feature that most modern APIs must have. Most modern APIs must have a way to authorize particular users to access only certain pieces of data and not all data offered by the service.
One of the most popular ways to enforce some kind of authorization in an application is through the use of JSON web tokens (JWT). Users authenticate with a service and the service responds with a JWT to be used in every future request so that way the password is kept safe. The service can then validate the JWT to make sure it is correct and not expired.
We’re going to see how to protect particular GraphQL properties as well as entire queries using JSON web tokens and the Go programming language.
So you started playing around with GraphQL and Node.js. Did you happen to get up to speed with my previous tutorial titled, Getting Started with GraphQL Development Using Node.js? Regardless of how you’ve jumped into GraphQL, you’re probably at a point where you need to figure out how to protect certain queries or pieces of data from the general public through some kind of permissions or roles.
When building a RESTful API, the common approach to endpoint protection is with JSON web tokens (JWT). In fact, I even wrote a previous tutorial on the subject, but how does that have relevance to GraphQL?
We’re going to take the common JWT approach and apply it towards protecting queries as well as particular pieces of data in a GraphQL API created with Node.js.
I am pleased to announce that the latest episode of The Polyglot Developer Podcast is now available to download from all the popular podcasting networks. In this episode titled, Authorizing Access with OAuth, I’m joined by Ryan Chenkie from Auth0 to talk about OAuth and how it can be used to authorize access to your data by third-party applications.
When it comes to authenticating users for making use of your API, it is a good idea to add an extra step beyond standard username and password. This is called two-factor authentication (2FA) and it acts as a second layer of security for users making use of your application.
Not too long ago I had written about adding 2FA to a RESTful API created with Node.js and Express Framework, but what if we wanted to do it in Golang? The logic isn’t any different, just a new syntax for a new language.
We’re going to see how to add two-factor authentication to a Golang API that makes use of JSON Web Tokens (JWT).
We’re going to see how to create a backend API that creates and validates JSON Web Tokens using the Go programming language. This teaches us how to create an API that offers an authentication mechanism outside of sessions and cookies, which typically are not available when working with an API.
Any mobile application that accesses remote data will need authentication at some point in time. There are many different authentication strategies out there, one of which is with JSON Web Tokens (JWT) that we explored in one of my previous Node.js articles. With JWT, users can authenticate via username and password, receive a signed token back, and use that token for any future API request rather than continuing to distribute the username and password.
In this tutorial we’re going to explore how to build an Android and iOS mobile application using NativeScript and Angular that authenticates with an API and then uses a JSON Web Token for future requests to that same API.