Introduction
Authentication is the process of verifying a user's identity and granting them access to the resources an application provides. In backend development,
authentication plays a major role in granting or restricting a user's access to specific resources.
Authentication can be done in two ways:
Token-Based Authentication.
Session-Based Authentication.
Here we'll talk about token-based authentication.
Token-Based Authentication
Token-based authentication is a widely used security mechanism that offers users a smooth experience without compromising security.
In token-based authentication, when a user logs in, the server generates a unique token for that user. The token is sent to the client and stored locally on the client's system. Whenever the client makes a request, the token is sent along with it so the server can verify the user's identity.
Authentication Process
REQUEST - When a user logs in to the application, the browser makes a request to the server with the user's credentials.
VERIFICATION - When the request reaches the server, the server validates the user, generates a secret value known as a token and sends it to the user over HTTP.
Generally, the token is issued in the JWT (JSON Web Token) open standard format, which consists of a header, a payload and a signature.
VALIDATE TOKEN - When the user receives the token, it is saved in the client's browser and used to verify identity whenever the user makes a request. This token is short lived, with a life span of 15-60 min, and is known as the access token. If the user can no longer use the access token, the client requests a new one using a refresh token, which stays on the system for 3-4 days.
RESPONSE - Once validation is done, the token grants or restricts the user's access to specific content.
Example
Let's take an example: we'll implement token-based authentication using a register and login flow.
First, we will create the functionality for the Register module for a user:
STEP1: - Register User
The register step collects data from the user to create an account.
// FIRSTLY, WE'LL SELECT THE REGISTER FORM
const form = document.querySelector(".register");
// ADDING EVENT LISTENER TO FORM TO COLLECT THE VALUES FROM USER
form.addEventListener("submit", (e) => {
e.preventDefault();
const username = e.target.username.value;
const email = e.target.email.value;
const password = e.target.password.value;
});
STEP2: - Encrypting the password
Before saving the user's data to the database, we first need to hash the password for security purposes, then save it to the database.
For hashing the password, we use the npm package bcrypt.
First, we need to install the package by writing in the terminal:
npm install bcrypt
Now, we'll hash the password like this:
// IMPORTING BCRYPT MODULE
const bcrypt = require('bcrypt');
// NUMBER OF SALT ROUNDS (COST FACTOR); 10 IS A COMMON DEFAULT
const saltRounds = 10;
// bcrypt.hash IS ASYNCHRONOUS (RETURNS A PROMISE), SO IT MUST BE AWAITED INSIDE AN ASYNC FUNCTION
async function hashUserPassword(userPassword) {
  // ASSIGNING USERS PASSWORD
  const plainPassword = userPassword;
  // ENCRYPTING PASSWORD
  // BASIC SYNTAX
  // await bcrypt.hash(plainTextPassword, salt_rounds)
  const hashedPassword = await bcrypt.hash(plainPassword, saltRounds);
  if (!hashedPassword) {
    throw new Error('Unable to generate password hash');
  }
  // NOW WE WILL SAVE USER DETAILS AND PASSWORD TO DATABASE
  console.log('Hashed Password is : ', hashedPassword);
  return hashedPassword;
}
bcrypt.hash hashes the password using the given number of salt rounds. Because a fresh random salt is generated on every call, it produces a different hash each time, even when two users have the same password.
Login functionality
When a user tries to log in, the server retrieves the hashed password from the database and compares it with the password the user entered during login.
const form = document.querySelector(".login");
form.addEventListener("submit", (e) => {
  e.preventDefault();
  const username = e.target.username.value;
  const password = e.target.password.value;
});
// SERVER SIDE: COMPARE THE SUBMITTED PASSWORD WITH THE STORED HASH
async function checkLogin(userPassword) {
  // THE HASH STORED AT REGISTRATION, RETRIEVED FROM THE DATABASE
  const hashedPassword = 'retrievePasswordFromDatabase';
  // bcrypt.compare TAKES THE PLAINTEXT PASSWORD FIRST AND THE STORED HASH SECOND, AND RETURNS A PROMISE
  const result = await bcrypt.compare(userPassword, hashedPassword);
  if (result) {
    console.log('Login Successfully !!');
  } else {
    console.log('Wrong password or username');
  }
  return result;
}