Adding authentication to an application is one of the most challenging 😖 but also one of the most important parts for developers, but today I will teach you ...
JWT for sessions is a bad design.
Don't do that. It's discouraging!
Next time, try to say kudos for the write-up, then suggest something better 🙂
🥺 thank you
No, this is not session-based authorization; it is token-based. What I did is store that token in the cookie rather than sending it through the Authorization header for every HTTP request. We can do it that way too, but I thought the cookie one would be easier for beginners to understand.
Nice post 👍👍...
I tend to use Express: app.use(express.json())
app.use(bodyparser.json()) outputs deprecation warnings here... just my preference though.
You're right.
The recommended way is to call the methods directly on the express object.
Because...
In the latest version of Express, some of bodyParser's methods have been added natively. That's why you don't have to install or require bodyParser again.
Yes, you are right. From now on I will also use the same. Thanks for pointing it out 🤍
@icecoffee is this the answer ?!
Here the author is talking about server side authentication.
Please take a look at auth0.com/blog/adding-salt-to-hash... to understand how to properly set a salt. A global value for your application is Not Good. The value does not need to be a secret, but it needs to be unique for every record you are hashing (unique per password/user/record). You typically store the salt with the hash, either in a column in the same DB table or even prepended/appended to the hash with a delimiter. All that matters is that the salt is unique per input.
From the Auth0 article:
Thank you very much learned something new 🥰.
Yeah!
Can you explain the ":" used in password:plainTextPassword?
I am destructuring req.body and storing password as plainTextPassword.
You can understand this with this example:
Thank you so much, I understood well.
In the area where you encrypted the password, after destructuring the request body, you recreated the password.
Which is supposed to produce an "identifier already exists" error, because a const variable cannot be recreated.
Actually, on destructuring the request body I am creating email and plainTextPassword, and after that I created const password, so there is no recreation 😇. That's why it didn't produce an error.
Why don't you use the Authorization: Bearer header in the request? It's the best practice.
Yes, we can implement it that way too, which will also make it not vulnerable to CSRF, but I thought the cookie one would be more beginner friendly 😬.
Amazing Blog Ritesh.
Thanks harshit
Quite Awesome....!!
Amazing pal...Great Job
Great work thanks for this article 👍😊
OMG! This literally made my work so easy-peasy😍. Thanks a lot for this!!! Looking forward to more posts like this💕
You saved a life 🥺
I was stuck in this
Thank you brother ❤
Such an Awesome Explanation Dude, keep it up🔥✌🏻
Thanks Rishabh
No one has a simpler explanation than this post :), worth spending time to read this, learned a lot :)