Token Based Authentication Systems with AngularJS & NodeJS

Download as PPTX, PDF

3 likes6,237 views

The document outlines a RESTful authentication system using AngularJS and Node.js, discussing aspects like JSON Web Tokens (JWT) for securing endpoints. It includes a dialogue between a boss and developer about building native applications and specifics of implementing user authentication. The document also references various libraries across programming languages for JWT implementation and highlights the architecture and advantages of the system.

Software

Restful Authentication
System with AngularJS &
NodeJS

Hüseyin BABAL
Full Stack Developer
PHP, JAVA, NodeJS developer.
Building highly scalable, realtime systems.
Web Development mentor.
Entrepreneur.
NodeJS trainer.
GDG conference speaker
@huseyinb
abal
@huseyinba
bal
http://huseyinbab
al.net

POST /signin
username=.....&password=......
HTTP 200
Set-Cookie: session=.......
POST /user/me
Cookie: session=.......
HTTP 200
{name: john, surname: doe, …..}
http://app.yoursite.com http://app.yoursite.com

Boss: I want native mobile and desktop version
of our current web application
Developer: We need to develop new services
for specific clients.
Boss: What about cost? You need to find
another solution better
Developer: ???

My App I need to develop client
Andr
oid
Window
s 8
iOS
Desktop
App
independent system...

POST /signin
username=.....&password=......
HTTP 200
token: JWT (Bearer Token)
POST /user/me
Authorization: Bearer JWT(Bearer
THoTkTePn )200
{name: john, surname: doe, …..}
http://app.yoursite.com http://api.yoursite.com

JWT
Powerful token format used in HTTP headers in
order to make some endpoint secure.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz
dWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huI
ERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfx
UZXiPs3f8FmJDkDE_VCQFXqKxpLsts

$JWT header payload signatur e b64({ typ: ‘JWT’, alg: ‘HS256’ }) HMACSHA256(b64( header) + “.” + b64(payload), secret_key) b64({ name: “John”, id: “123456”, role: “admin” }) eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5h bWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8Fm JDkDE_VCQFXqKxpLsts$

Libraries
Language Library Url
PHP https://github.com/firebase/php-jwt
.NET https://github.com/AzureAD/azure-activedirectory-
identitymodel-extensions-for-
dotnet
Ruby https://github.com/progrium/ruby-jwt
NodeJS https://github.com/auth0/node-jsonwebtoken
Java https://github.com/auth0/java-jwt
Python https://github.com/progrium/pyjwt/

Mongo
DB
http://api.yoursite.
com
POST /signin
username=.....&password=......
HTTP 200
token: JWT (Bearer Token)
POST /user/me
Authorization: Bearer JWT(Bearer
THoTkTePn )200
{name: john, surname: doe, …..}
http://app.yoursite.com
Check Username and Password, create
token if valid, add to DB
Check token from db whenever a
request come
http://t1.yoursite.
com
……..
http://tn.yoursite.c
om
(Load
balancer)

Advantages
Client independent
CDN
Zero Coupling
No cookie(session), no csrf
Persistent token store
Available for other languages (JWT token)

More Related Content

What's hot (20)

PPTX

Micro Web Service - Slim and JWTTuyen Vuong

PPTX

Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc

PDF

What are JSON Web Tokens and Why Should I Care?Derek Edwards

PPTX

An Introduction to OAuth2Aaron Parecki

PDF

JSON Web TokensIvan Rosolen

PPTX

Securing Single Page Applications with Token Based AuthenticationStefan Achtsnit

PDF

Authentication: Cookies vs JWTs and why you’re doing it wrongDerek Perkins

PPTX

REST Service Authetication with TLS & JWTsJon Todd

PDF

OAuth Hacks A gentle introduction to OAuth 2 and Apache OltuAntonio Sanso

PDF

Stateless authentication with OAuth 2 and JWT - JavaZone 2015Alvaro Sanchez-Mariscal

PDF

OAuth 2.0Uwe Friedrichsen

PPTX

Single-Page-Application & REST securityIgor Bossenko

PDF

Using JSON Web Tokens for REST Authentication Mediacurrent

PDF

Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinJava User Group Latvia

PDF

Rest Security with JAX-RSFrank Kim

PDF

iMasters Intercon 2016 - Identity within MicroservicesErick Belluci Tedeschi

PDF

Introduction to JWT and How to integrate with Spring SecurityBruno Henrique Rother

PDF

Stateless authentication for microservices - Greach 2015Alvaro Sanchez-Mariscal

PDF

Stateless Auth using OAuth2 & JWTGaurav Roy

PDF

Building an API Security EcosystemPrabath Siriwardena

Micro Web Service - Slim and JWTTuyen Vuong

Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc

What are JSON Web Tokens and Why Should I Care?Derek Edwards

An Introduction to OAuth2Aaron Parecki

JSON Web TokensIvan Rosolen

Securing Single Page Applications with Token Based AuthenticationStefan Achtsnit

Authentication: Cookies vs JWTs and why you’re doing it wrongDerek Perkins

REST Service Authetication with TLS & JWTsJon Todd

OAuth Hacks A gentle introduction to OAuth 2 and Apache OltuAntonio Sanso

Stateless authentication with OAuth 2 and JWT - JavaZone 2015Alvaro Sanchez-Mariscal

OAuth 2.0Uwe Friedrichsen

Single-Page-Application & REST securityIgor Bossenko

Using JSON Web Tokens for REST Authentication Mediacurrent

Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinJava User Group Latvia

Rest Security with JAX-RSFrank Kim

iMasters Intercon 2016 - Identity within MicroservicesErick Belluci Tedeschi

Introduction to JWT and How to integrate with Spring SecurityBruno Henrique Rother

Stateless authentication for microservices - Greach 2015Alvaro Sanchez-Mariscal

Stateless Auth using OAuth2 & JWTGaurav Roy

Building an API Security EcosystemPrabath Siriwardena

Similar to Token Based Authentication Systems with AngularJS & NodeJS (20)

PPT

Sanjeev ghai 12Praveen kumar

PPTX

Demystifying RESTKirsten Hunter

PDF

InterCon 2016 - Segurança de identidade digital levando em consideração uma a...iMasters

KEY

Html5 For Jjugccc2009fallShumpei Shiraishi

PPTX

Python Code Camp for Professionals 3/4DEVCON

PDF

5.node jsGeunhyung Kim

PPTX

"Your script just killed my site" by Steve SoudersDmitry Makarchuk

PDF

HTML for the Mobile Web, Firefox OSAll Things Open

PPTX

Welcome Firefox OS in india with your app - Mumbai Firefox OS hackathon - 201...Frédéric Harper

PDF

Connect Intergration Patterns: A Case Study - Patrick StreuleAtlassian

KEY

OSCON 2011 Learning CouchDBBradley Holt

PPTX

Web scraping 101 with goutteJoshua Copeland

PDF

HTML5: friend or foe (to Flash)?Remy Sharp

PPTX

REST with Eve and PythonPiXeL16

PDF

Securing Your Containerized Applications with NGINXDocker, Inc.

PDF

Node.js introductionParth Joshi

PDF

Nko workshop - node js crud & deploySimon Su

PPTX

Token based-oauth2andreyradzkov

PDF

Webové aplikace v JavaScriptuPavol Hejný

PDF

L1. Introduction, CSE 202, BN11.pdf JavaScriptSauravBarua11

Sanjeev ghai 12Praveen kumar

Demystifying RESTKirsten Hunter

InterCon 2016 - Segurança de identidade digital levando em consideração uma a...iMasters

Html5 For Jjugccc2009fallShumpei Shiraishi

Python Code Camp for Professionals 3/4DEVCON

5.node jsGeunhyung Kim

"Your script just killed my site" by Steve SoudersDmitry Makarchuk

HTML for the Mobile Web, Firefox OSAll Things Open

Welcome Firefox OS in india with your app - Mumbai Firefox OS hackathon - 201...Frédéric Harper

Connect Intergration Patterns: A Case Study - Patrick StreuleAtlassian

OSCON 2011 Learning CouchDBBradley Holt

Web scraping 101 with goutteJoshua Copeland

HTML5: friend or foe (to Flash)?Remy Sharp

REST with Eve and PythonPiXeL16

Securing Your Containerized Applications with NGINXDocker, Inc.

Node.js introductionParth Joshi

Nko workshop - node js crud & deploySimon Su

Token based-oauth2andreyradzkov

Webové aplikace v JavaScriptuPavol Hejný

L1. Introduction, CSE 202, BN11.pdf JavaScriptSauravBarua11

More from Hüseyin BABAL (8)

PPTX

Infinite Scalable Systems with DockerHüseyin BABAL

PPTX

MongoDB GeoSpatial FeatureHüseyin BABAL

PPTX

NodeJS ve API Tasarım TemelleriHüseyin BABAL

PPTX

RESTful API Design FundamentalsHüseyin BABAL

PPTX

Token Based Authentication SystemsHüseyin BABAL

PDF

Make Your Application SocialHüseyin BABAL

PDF

Realtime web applications with ExpressJS and SocketIOHüseyin BABAL

PDF

Complete MVC on NodeJSHüseyin BABAL

Infinite Scalable Systems with DockerHüseyin BABAL

MongoDB GeoSpatial FeatureHüseyin BABAL

NodeJS ve API Tasarım TemelleriHüseyin BABAL

RESTful API Design FundamentalsHüseyin BABAL

Token Based Authentication SystemsHüseyin BABAL

Make Your Application SocialHüseyin BABAL

Realtime web applications with ExpressJS and SocketIOHüseyin BABAL

Complete MVC on NodeJSHüseyin BABAL

Recently uploaded (20)

PDF

Online Queue Management System for Public Service Offices in Nepal [Focused i...Rishab Acharya

PDF

AI + DevOps = Smart Automation with devseccops.ai.pdfDevseccops.ai

PPTX

Agentic Automation Journey Series Day 2 – Prompt Engineering for UiPath Agentsklpathrudu

PDF

iTop VPN With Crack Lifetime Activation Key-CODEutfefguu

PPTX

Agentic Automation Journey Session 1/5: Context Grounding and Autopilot for E...klpathrudu

PPTX

In From the Cold: Open Source as Part of Mainstream Software Asset ManagementShane Coughlan

PDF

HiHelloHR – Simplify HR Operations for Modern WorkplacesHiHelloHR

PPTX

ChiSquare Procedure in IBM SPSS Statistics Version 31.pptxVersion 1 Analytics

PDF

Build It, Buy It, or Already Got It? Make Smarter Martech Decisionsbbedford2

PPTX

AEM User Group: India Chapter Kickoff Meetingjennaf3

PDF

유니티에서 Burst Compiler+ThreadedJobs+SIMD 적용사례Seongdae Kim

PPTX

Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...Shane Coughlan

PDF

MiniTool Partition Wizard 12.8 Crack License Key LATESThashhshs786

PDF

Why Businesses Are Switching to Open Source Alternatives to Crystal Reports.pdfVarsha Nayak

PDF

Open Chain Q2 Steering Committee Meeting - 2025-06-25Shane Coughlan

PPTX

Human Resources Information System (HRIS)Amity University, Patna

PPTX

Change Common Properties in IBM SPSS Statistics Version 31.pptxVersion 1 Analytics

PDF

4K Video Downloader Plus Pro Crack for MacOS New Download 2025bashirkhan333g

PPTX

Agentic Automation: Build & Deploy Your First UiPath Agentklpathrudu

PDF

vMix Pro 28.0.0.42 Download vMix Registration key Bundlekulindacore

Online Queue Management System for Public Service Offices in Nepal [Focused i...Rishab Acharya

AI + DevOps = Smart Automation with devseccops.ai.pdfDevseccops.ai

Agentic Automation Journey Series Day 2 – Prompt Engineering for UiPath Agentsklpathrudu

iTop VPN With Crack Lifetime Activation Key-CODEutfefguu

Agentic Automation Journey Session 1/5: Context Grounding and Autopilot for E...klpathrudu

In From the Cold: Open Source as Part of Mainstream Software Asset ManagementShane Coughlan

HiHelloHR – Simplify HR Operations for Modern WorkplacesHiHelloHR

ChiSquare Procedure in IBM SPSS Statistics Version 31.pptxVersion 1 Analytics

Build It, Buy It, or Already Got It? Make Smarter Martech Decisionsbbedford2

AEM User Group: India Chapter Kickoff Meetingjennaf3

유니티에서 Burst Compiler+ThreadedJobs+SIMD 적용사례Seongdae Kim

Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...Shane Coughlan

MiniTool Partition Wizard 12.8 Crack License Key LATESThashhshs786

Why Businesses Are Switching to Open Source Alternatives to Crystal Reports.pdfVarsha Nayak

Open Chain Q2 Steering Committee Meeting - 2025-06-25Shane Coughlan

Human Resources Information System (HRIS)Amity University, Patna

Change Common Properties in IBM SPSS Statistics Version 31.pptxVersion 1 Analytics

4K Video Downloader Plus Pro Crack for MacOS New Download 2025bashirkhan333g

Agentic Automation: Build & Deploy Your First UiPath Agentklpathrudu

vMix Pro 28.0.0.42 Download vMix Registration key Bundlekulindacore

Token Based Authentication Systems with AngularJS & NodeJS

1. Restful Authentication System with AngularJS & NodeJS

2. Hüseyin BABAL Full Stack Developer PHP, JAVA, NodeJS developer. Building highly scalable, realtime systems. Web Development mentor. Entrepreneur. NodeJS trainer. GDG conference speaker @huseyinb abal @huseyinba bal http://huseyinbab al.net

3. POST /signin username=.....&password=...... HTTP 200 Set-Cookie: session=....... POST /user/me Cookie: session=....... HTTP 200 {name: john, surname: doe, …..} http://app.yoursite.com http://app.yoursite.com

4. Boss: I want native mobile and desktop version of our current web application Developer: We need to develop new services for specific clients. Boss: What about cost? You need to find another solution better Developer: ???

5. My App I need to develop client Andr oid Window s 8 iOS Desktop App independent system...

6. POST /signin username=.....&password=...... HTTP 200 token: JWT (Bearer Token) POST /user/me Authorization: Bearer JWT(Bearer THoTkTePn )200 {name: john, surname: doe, …..} http://app.yoursite.com http://api.yoursite.com

7. Wait! What is Bearer Token?

8. JWT Powerful token format used in HTTP headers in order to make some endpoint secure. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huI ERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfx UZXiPs3f8FmJDkDE_VCQFXqKxpLsts

9. JWT header payload signatur e b64({ typ: ‘JWT’, alg: ‘HS256’ }) HMACSHA256(b64( header) + “.” + b64(payload), secret_key) b64({ name: “John”, id: “123456”, role: “admin” }) eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5h bWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8Fm JDkDE_VCQFXqKxpLsts

10. Libraries Language Library Url PHP https://github.com/firebase/php-jwt .NET https://github.com/AzureAD/azure-activedirectory- identitymodel-extensions-for- dotnet Ruby https://github.com/progrium/ruby-jwt NodeJS https://github.com/auth0/node-jsonwebtoken Java https://github.com/auth0/java-jwt Python https://github.com/progrium/pyjwt/

11. Architectur e Time

12. Mongo DB http://api.yoursite. com POST /signin username=.....&password=...... HTTP 200 token: JWT (Bearer Token) POST /user/me Authorization: Bearer JWT(Bearer THoTkTePn )200 {name: john, surname: doe, …..} http://app.yoursite.com Check Username and Password, create token if valid, add to DB Check token from db whenever a request come http://t1.yoursite. com …….. http://tn.yoursite.c om (Load balancer)

13. Advantages Client independent CDN Zero Coupling No cookie(session), no csrf Persistent token store Available for other languages (JWT token)

14. Demo

15. Thank you! Thank you