Hey everyone 👋🏻,
In this article, let us learn about one of the most important concepts that you as a developer must have a solid knowledge of and that is Advanced Authentication and Authorization.
Advanced Authentication and Authorization
Let us consider the case of resetting a user's password.
You have to implement the flow in a way that prevents users from resetting arbitrary accounts. Reset tokens have to be random, unguessable (at least within any reasonable amount of time) and unique. The reset token is therefore a good mechanism to identify the user whose password we need to reset.
Whenever users want to reset their password, they click on the reset password link and provide the email address to which the reset link will be sent; from there they can reset the password.
For that we have to create a unique token with an expiration date, which we store in our database. The link the user clicks includes that token, so we can verify that the user really did get that link from us. This is an additional security mechanism for changing the password: it ensures that the password can only be changed once the identity of the user has been verified, and that the user who is trying to change the password is in fact the owner of the account and is authorized to do so.
Node.js has a core module which helps us create secure, unique random values. That core module is known as the crypto module.
Here is the link if you want to learn more about the crypto module:
Not every authenticated user is allowed to do everything.
Authorization means that we restrict the permissions of the logged-in user. For example, we restrict things so that no one else is able to add items to our cart, and no one can visit a certain protected route if they don't have the required privilege level.
So to sum it up,
Authorization is an important part of pretty much every application: it locks down access for authenticated users.
Not every authenticated user should be able to do everything. Instead you want to lock down access by restricting the permissions of your users.
Thanks for reading.
Don’t forget to leave a like if you loved the article. Also share it with your friends and colleagues.