Hüseyin BABAL, profile picture
Uploaded byHüseyin BABAL
PPTX, PDF6,240 views

Token Based Authentication Systems with AngularJS & NodeJS

The document outlines a RESTful authentication system using AngularJS and Node.js, discussing aspects like JSON Web Tokens (JWT) for securing endpoints. It includes a dialogue between a boss and developer about building native applications and specifics of implementing user authentication. The document also references various libraries across programming languages for JWT implementation and highlights the architecture and advantages of the system.

Embed presentation

Downloaded 67 times
Restful Authentication System with AngularJS & NodeJS
Hüseyin BABAL Full Stack Developer PHP, JAVA, NodeJS developer. Building highly scalable, realtime systems. Web Development mentor. Entrepreneur. NodeJS trainer. GDG conference speaker @huseyinb abal @huseyinba bal http://huseyinbab al.net
POST /signin username=.....&password=...... HTTP 200 Set-Cookie: session=....... POST /user/me Cookie: session=....... HTTP 200 {name: john, surname: doe, …..} http://app.yoursite.com http://app.yoursite.com
Boss: I want native mobile and desktop version of our current web application Developer: We need to develop new services for specific clients. Boss: What about cost? You need to find another solution better Developer: ???
My App I need to develop client Andr oid Window s 8 iOS Desktop App independent system...
POST /signin username=.....&password=...... HTTP 200 token: JWT (Bearer Token) POST /user/me Authorization: Bearer JWT(Bearer THoTkTePn )200 {name: john, surname: doe, …..} http://app.yoursite.com http://api.yoursite.com
Wait! What is Bearer Token?
JWT Powerful token format used in HTTP headers in order to make some endpoint secure. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huI ERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfx UZXiPs3f8FmJDkDE_VCQFXqKxpLsts
JWT header payload signatur e b64({ typ: ‘JWT’, alg: ‘HS256’ }) HMACSHA256(b64( header) + “.” + b64(payload), secret_key) b64({ name: “John”, id: “123456”, role: “admin” }) eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5h bWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8Fm JDkDE_VCQFXqKxpLsts
Libraries Language Library Url PHP https://github.com/firebase/php-jwt .NET https://github.com/AzureAD/azure-activedirectory- identitymodel-extensions-for- dotnet Ruby https://github.com/progrium/ruby-jwt NodeJS https://github.com/auth0/node-jsonwebtoken Java https://github.com/auth0/java-jwt Python https://github.com/progrium/pyjwt/
Architectur e Time
Mongo DB http://api.yoursite. com POST /signin username=.....&password=...... HTTP 200 token: JWT (Bearer Token) POST /user/me Authorization: Bearer JWT(Bearer THoTkTePn )200 {name: john, surname: doe, …..} http://app.yoursite.com Check Username and Password, create token if valid, add to DB Check token from db whenever a request come http://t1.yoursite. com …….. http://tn.yoursite.c om (Load balancer)
Advantages Client independent CDN Zero Coupling No cookie(session), no csrf Persistent token store Available for other languages (JWT token)
Demo
Thank you! Thank you

More Related Content

PPTX
Building Secure User Interfaces With JWTs (JSON Web Tokens)
byStormpath
 
PDF
2016 pycontw web api authentication
byMicron Technology
 
PDF
Json web token api authorization
byGiulio De Donato
 
PDF
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
byiMasters
 
PPTX
JWT Authentication with AngularJS
byrobertjd
 
PDF
JSON Web Token
byDeddy Setyadi
 
PDF
Modern API Security with JSON Web Tokens
byJonathan LeBlanc
 
PPTX
Building Secure User Interfaces With JWTs
byrobertjd
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
byStormpath
 
2016 pycontw web api authentication
byMicron Technology
 
Json web token api authorization
byGiulio De Donato
 
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
byiMasters
 
JWT Authentication with AngularJS
byrobertjd
 
JSON Web Token
byDeddy Setyadi
 
Modern API Security with JSON Web Tokens
byJonathan LeBlanc
 
Building Secure User Interfaces With JWTs
byrobertjd
 

What's hot

PPTX
Micro Web Service - Slim and JWT
byTuyen Vuong
 
PPTX
Securing RESTful APIs using OAuth 2 and OpenID Connect
byJonathan LeBlanc
 
PDF
What are JSON Web Tokens and Why Should I Care?
byDerek Edwards
 
PPTX
An Introduction to OAuth2
byAaron Parecki
 
PDF
JSON Web Tokens
byIvan Rosolen
 
PPTX
Securing Single Page Applications with Token Based Authentication
byStefan Achtsnit
 
PDF
Authentication: Cookies vs JWTs and why you’re doing it wrong
byDerek Perkins
 
PPTX
REST Service Authetication with TLS & JWTs
byJon Todd
 
PDF
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
byAntonio Sanso
 
PDF
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
byAlvaro Sanchez-Mariscal
 
PDF
OAuth 2.0
byUwe Friedrichsen
 
PPTX
Single-Page-Application & REST security
byIgor Bossenko
 
PDF
Using JSON Web Tokens for REST Authentication
byMediacurrent
 
PDF
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
byJava User Group Latvia
 
PDF
Rest Security with JAX-RS
byFrank Kim
 
PDF
iMasters Intercon 2016 - Identity within Microservices
byErick Belluci Tedeschi
 
PDF
Introduction to JWT and How to integrate with Spring Security
byBruno Henrique Rother
 
PDF
Stateless authentication for microservices - Greach 2015
byAlvaro Sanchez-Mariscal
 
PDF
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
PDF
Building an API Security Ecosystem
byPrabath Siriwardena
 
Micro Web Service - Slim and JWT
byTuyen Vuong
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
byJonathan LeBlanc
 
What are JSON Web Tokens and Why Should I Care?
byDerek Edwards
 
An Introduction to OAuth2
byAaron Parecki
 
JSON Web Tokens
byIvan Rosolen
 
Securing Single Page Applications with Token Based Authentication
byStefan Achtsnit
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
byDerek Perkins
 
REST Service Authetication with TLS & JWTs
byJon Todd
 
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu
byAntonio Sanso
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
byAlvaro Sanchez-Mariscal
 
OAuth 2.0
byUwe Friedrichsen
 
Single-Page-Application & REST security
byIgor Bossenko
 
Using JSON Web Tokens for REST Authentication
byMediacurrent
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
byJava User Group Latvia
 
Rest Security with JAX-RS
byFrank Kim
 
iMasters Intercon 2016 - Identity within Microservices
byErick Belluci Tedeschi
 
Introduction to JWT and How to integrate with Spring Security
byBruno Henrique Rother
 
Stateless authentication for microservices - Greach 2015
byAlvaro Sanchez-Mariscal
 
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
Building an API Security Ecosystem
byPrabath Siriwardena
 

Similar to Token Based Authentication Systems with AngularJS & NodeJS

PPTX
REST API Security: OAuth 2.0, JWTs, and More!
byStormpath
 
PDF
Securing Web Applications with Token Authentication
byStormpath
 
PDF
JWT_Authentication_MERN_Stack_Assignment.pdf
byJaydeep Kale
 
PDF
REST API Authentication Methods.pdf
byRubersy Ramos García
 
PPTX
3783daf0-8a4d-45ad-a2f3-2a787053f90e.pptx
byNicoleFalcao1
 
PDF
Autenticação com Json Web Token (JWT)
byIvan Rosolen
 
PDF
JWT! JWT! Let it all out!
byJohn Anderson
 
PPTX
Authenticating Angular Apps with JWT
byJennifer Estrada
 
PDF
Jwt Security
bySeid Yassin
 
PDF
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
byLuciano Mammino
 
PPT
Securing RESTful API
byMuhammad Zbeedat
 
PPTX
IEEE WEB DOCUMENT PPT FOR EXPLANATION OF THE TOPIC
bysujalmacbookm2air
 
PPTX
Pentesting jwt
byJaya Kumar Kondapalli
 
PDF
JSON Web Tokens Will Improve Your Life
byJohn Anderson
 
PPTX
Complete Guide to Setup Secure Scheme for Restful APIs
byXing (Xingheng) Wang
 
PDF
Cracking JWT tokens: a tale of magic, Node.js and parallel computing - Code E...
byLuciano Mammino
 
PDF
UVic Startup Slam September 2014 (Kiind)
bysendwithus
 
PDF
Protecting web APIs with OAuth 2.0
byVladimir Dzhuvinov
 
PDF
JavaOne 2014 - Securing RESTful Resources with OAuth2
byRodrigo Cândido da Silva
 
PDF
What the Heck is OAuth and Open ID Connect? - UberConf 2017
byMatt Raible
 
REST API Security: OAuth 2.0, JWTs, and More!
byStormpath
 
Securing Web Applications with Token Authentication
byStormpath
 
JWT_Authentication_MERN_Stack_Assignment.pdf
byJaydeep Kale
 
REST API Authentication Methods.pdf
byRubersy Ramos García
 
3783daf0-8a4d-45ad-a2f3-2a787053f90e.pptx
byNicoleFalcao1
 
Autenticação com Json Web Token (JWT)
byIvan Rosolen
 
JWT! JWT! Let it all out!
byJohn Anderson
 
Authenticating Angular Apps with JWT
byJennifer Estrada
 
Jwt Security
bySeid Yassin
 
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
byLuciano Mammino
 
Securing RESTful API
byMuhammad Zbeedat
 
IEEE WEB DOCUMENT PPT FOR EXPLANATION OF THE TOPIC
bysujalmacbookm2air
 
Pentesting jwt
byJaya Kumar Kondapalli
 
JSON Web Tokens Will Improve Your Life
byJohn Anderson
 
Complete Guide to Setup Secure Scheme for Restful APIs
byXing (Xingheng) Wang
 
Cracking JWT tokens: a tale of magic, Node.js and parallel computing - Code E...
byLuciano Mammino
 
UVic Startup Slam September 2014 (Kiind)
bysendwithus
 
Protecting web APIs with OAuth 2.0
byVladimir Dzhuvinov
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
byRodrigo Cândido da Silva
 
What the Heck is OAuth and Open ID Connect? - UberConf 2017
byMatt Raible
 

More from Hüseyin BABAL

PPTX
Infinite Scalable Systems with Docker
byHüseyin BABAL
 
PPTX
MongoDB GeoSpatial Feature
byHüseyin BABAL
 
PPTX
NodeJS ve API Tasarım Temelleri
byHüseyin BABAL
 
PPTX
RESTful API Design Fundamentals
byHüseyin BABAL
 
PPTX
Token Based Authentication Systems
byHüseyin BABAL
 
PDF
Make Your Application Social
byHüseyin BABAL
 
PDF
Realtime web applications with ExpressJS and SocketIO
byHüseyin BABAL
 
PDF
Complete MVC on NodeJS
byHüseyin BABAL
 
Infinite Scalable Systems with Docker
byHüseyin BABAL
 
MongoDB GeoSpatial Feature
byHüseyin BABAL
 
NodeJS ve API Tasarım Temelleri
byHüseyin BABAL
 
RESTful API Design Fundamentals
byHüseyin BABAL
 
Token Based Authentication Systems
byHüseyin BABAL
 
Make Your Application Social
byHüseyin BABAL
 
Realtime web applications with ExpressJS and SocketIO
byHüseyin BABAL
 
Complete MVC on NodeJS
byHüseyin BABAL
 

Recently uploaded

PDF
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
PPT
Presentation on TCL/TK scripting language
byBimal Jain
 
PDF
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
PDF
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
PDF
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
PDF
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
PDF
Data Integration with Salesforce Bootcamp
byDele Amefo
 
PDF
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 
PDF
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
PDF
DevOps Monitoring Tools: The 2025 Guide to Performance & Observability
byalexendrascott01
 
PDF
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
PDF
Breaking the Vulnerability Management Cycle with Anchore and Echo
byAnchore
 
PPTX
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
PPTX
Understanding-ROM-RAM-Cache-and-Buffer-Memory.pptx.pptx
bylata2850
 
PPTX
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
PDF
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
PDF
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
PDF
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
PDF
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
PDF
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
Presentation on TCL/TK scripting language
byBimal Jain
 
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
Data Integration with Salesforce Bootcamp
byDele Amefo
 
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
DevOps Monitoring Tools: The 2025 Guide to Performance & Observability
byalexendrascott01
 
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
Breaking the Vulnerability Management Cycle with Anchore and Echo
byAnchore
 
Building a RAG System for Customer Support - L1
byBogdan Mustata
 
Understanding-ROM-RAM-Cache-and-Buffer-Memory.pptx.pptx
bylata2850
 
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 

Token Based Authentication Systems with AngularJS & NodeJS

  • 1.
    Restful Authentication Systemwith AngularJS & NodeJS
  • 2.
    Hüseyin BABAL FullStack Developer PHP, JAVA, NodeJS developer. Building highly scalable, realtime systems. Web Development mentor. Entrepreneur. NodeJS trainer. GDG conference speaker @huseyinb abal @huseyinba bal http://huseyinbab al.net
  • 3.
    POST /signin username=.....&password=...... HTTP 200 Set-Cookie: session=....... POST /user/me Cookie: session=....... HTTP 200 {name: john, surname: doe, …..} http://app.yoursite.com http://app.yoursite.com
  • 4.
    Boss: I wantnative mobile and desktop version of our current web application Developer: We need to develop new services for specific clients. Boss: What about cost? You need to find another solution better Developer: ???
  • 5.
    My App Ineed to develop client Andr oid Window s 8 iOS Desktop App independent system...
  • 6.
    POST /signin username=.....&password=...... HTTP 200 token: JWT (Bearer Token) POST /user/me Authorization: Bearer JWT(Bearer THoTkTePn )200 {name: john, surname: doe, …..} http://app.yoursite.com http://api.yoursite.com
  • 7.
    Wait! What is Bearer Token?
  • 8.
    JWT Powerful tokenformat used in HTTP headers in order to make some endpoint secure. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOjEyMzQ1Njc4OTAsIm5hbWUiOiJKb2huI ERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfx UZXiPs3f8FmJDkDE_VCQFXqKxpLsts
  • 9.
    JWT header payloadsignatur e b64({ typ: ‘JWT’, alg: ‘HS256’ }) HMACSHA256(b64( header) + “.” + b64(payload), secret_key) b64({ name: “John”, id: “123456”, role: “admin” }) eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEyMzQ1Njc4OTAsIm5h bWUiOiJKb2huIERvZSIsImFkbWluIjp0cnVlfQ.eoaDVGTClRdfxUZXiPs3f8Fm JDkDE_VCQFXqKxpLsts
  • 10.
    Libraries Language LibraryUrl PHP https://github.com/firebase/php-jwt .NET https://github.com/AzureAD/azure-activedirectory- identitymodel-extensions-for- dotnet Ruby https://github.com/progrium/ruby-jwt NodeJS https://github.com/auth0/node-jsonwebtoken Java https://github.com/auth0/java-jwt Python https://github.com/progrium/pyjwt/
  • 11.
  • 12.
    Mongo DB http://api.yoursite. com POST /signin username=.....&password=...... HTTP 200 token: JWT (Bearer Token) POST /user/me Authorization: Bearer JWT(Bearer THoTkTePn )200 {name: john, surname: doe, …..} http://app.yoursite.com Check Username and Password, create token if valid, add to DB Check token from db whenever a request come http://t1.yoursite. com …….. http://tn.yoursite.c om (Load balancer)
  • 13.
    Advantages Client independent CDN Zero Coupling No cookie(session), no csrf Persistent token store Available for other languages (JWT token)
  • 14.
  • 15.