06-Multi-Service-App-Authentication


Authentication Strategies




Huge Issues with Authentication Strategies




So Which Option




Solving Issues with Option #2




Reminder on Cookies vs JWTs




Issues with JWTs and Server Side Rendering




Adding Session Support

$ cd app/auth
$ npm install --save cookie-session @types/cookie-session

Generating a JWT

$ cd app/auth
$ npm install --save jsonwebtoken @types/jsonwebtoken

$ curl \
--insecure \
--cookie-jar /tmp/cookies.txt \
--data '{"email":"[email protected]", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST https://adi-ticketing.dev/api/users/signup \
| python -m json.tool

JWT Signing Keys

$ cat /tmp/cookies.txt

#HttpOnly_ticketing.dev	FALSE	/	TRUE	0	express:sess	eyJqd3QiOiJleUpoYkdjaU9pSklVekkxTmlJc0luUjVjQ0k2SWtwWFZDSjkuZXlKcFpDSTZJalZsWWpVMk56RmpPV0kwTmpObU1ERmhPVGN5TWprME5TSXNJbVZ0WVdsc0lqb2liV0Z5YkdWNU5rQmxlR0Z0Y0d4bExtTnZiU0lzSW1saGRDSTZNVFU0T0RrME5qY3hObjAuS3ZzV2NLbVN6VmNlWEhrdFFNNnU3cGtxWlFETVU2NC0tMGlPWTlVcE5mQSJ9

Base64-decode the express:sess cookie value (for example at https://www.base64decode.org/):

{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlYjU2NzFjOWI0NjNmMDFhOTcyMjk0NSIsImVtYWlsIjoibWFybGV5NkBleGFtcGxlLmNvbSIsImlhdCI6MTU4ODk0NjcxNn0.KvsWcKmSzVceXHktQM6u7pkqZQDMU64--0iOY9UpNfA"}

Decode the jwt value at https://jwt.io/ with the key 'asdf'.

response:


{
  "id": "5eb5671c9b463f01a9722945",
  "email": "marley6@example.com",
  "iat": 1588946716
}
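
The two decoding steps above can also be done locally rather than on a website. The following is an added example, not code from the course repository: it builds a constructed cookie in the same shape (base64 of JSON wrapping an HS256 JWT) and shows that the payload is readable without any key, while the signature verifies only with the right key and an unmodified payload. The helper names and the sample user are assumptions.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const parseB64Json = (s, enc) => JSON.parse(Buffer.from(s, enc).toString('utf8'));

// HS256 is HMAC-SHA256 over "<header>.<payload>".
function hs256(signingInput, key) {
  return crypto.createHmac('sha256', key).update(signingInput).digest();
}

// Constructed stand-in for the cookie shown on this page:
// base64(JSON.stringify({ jwt: <token> })).
function makeSessionCookie(payload, key) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = b64url(hs256(`${header}.${body}`, key));
  return Buffer.from(JSON.stringify({ jwt: `${header}.${body}.${sig}` })).toString('base64');
}

// Decode the cookie locally. The payload needs no key to read;
// the key only decides whether the payload can be trusted.
function inspectSessionCookie(cookieValue, key) {
  const parts = String(parseB64Json(cookieValue, 'base64').jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const [header, body, sig] = parts;
  const alg = parseB64Json(header, 'base64url').alg;
  const payload = parseB64Json(body, 'base64url');
  const expected = hs256(`${header}.${body}`, key);
  const given = Buffer.from(sig, 'base64url');
  // Pin the algorithm and compare signatures in constant time.
  const signatureValid = alg === 'HS256' &&
    given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return { payload, signatureValid };
}

// Simulate a modified cookie: payload swapped, original signature kept.
function tamper(cookieValue, newPayload) {
  const session = parseB64Json(cookieValue, 'base64');
  const [header, , sig] = session.jwt.split('.');
  session.jwt = `${header}.${b64url(JSON.stringify(newPayload))}.${sig}`;
  return Buffer.from(JSON.stringify(session)).toString('base64');
}

// Constructed sample data; 'asdf' is the key used on this page.
const user = { id: 'constructed-id-1', email: 'user@example.com', iat: 1588946716 };
const cookie = makeSessionCookie(user, 'asdf');
console.log(inspectSessionCookie(cookie, 'asdf'));
console.log(inspectSessionCookie(cookie, 'wrong-key'));
console.log(inspectSessionCookie(tamper(cookie, { ...user, id: 'someone-else' }), 'asdf'));
```

Passing the express:sess value from /tmp/cookies.txt to inspectSessionCookie works the same way.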



Securely Storing Secrets with Kubernetes




Creating and Accessing Secrets

$ kubectl create secret generic jwt-secret --from-literal=JWT_KEY=asdf

$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-dmr6t   kubernetes.io/service-account-token   3      2d9h
jwt-secret            Opaque                                1      7s

Formatting JSON Properties

$ curl \
--data '{"email":"[email protected]", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST https://adi-ticketing.dev/api/users/signup \
| python -m json.tool

response:

{
    "email": "[email protected]",
    "id": "5eb5997b5fcfb902b17eefc6"
}

Quick Sign In Test

$ curl \
--data '{"email":"[email protected]", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST https://adi-ticketing.dev/api/users/signin \
| python -m json.tool

response:

{
    "email": "[email protected]",
    "id": "5eb5997b5fcfb902b17eefc6"
}

Returning the Current User

# SIGN UP
$ curl \
--insecure \
--cookie-jar /tmp/cookies.txt \
--data '{"email":"[email protected]", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST https://adi-ticketing.dev/api/users/signup \
| python -m json.tool

# SIGN IN
$ curl \
--data '{"email":"[email protected]", "password":"123456789"}' \
--header "Content-Type: application/json" \
--request POST https://adi-ticketing.dev/api/users/signin \
| python -m json.tool

# GET CURRENT USER
$ curl \
--insecure \
--cookie /tmp/cookies.txt \
--header "Content-Type: application/json" \
--request GET https://adi-ticketing.dev/api/users/currentuser \
| python -m json.tool

response:

{
    "currentUser": {
        "email": "[email protected]",
        "iat": 1588965708,
        "id": "5eb5b14c97bd760b4fc2c798"
    }
}

Creating a Current User Middleware

