Next.js Tutorial – Part 6 | Authentication for API Routes using JWT and bcrypt

テクノロジー



This video shows the Theory and Code needed to build an Authentication system.

We use bcrypt and JWT tokens. We also go through the different strategies to store authentication tokens between different sessions, showing the possible issues with the different strategies.

If you want to jump directly into code go to 20:45

—-
Repository: https://github.com/bmvantunes/youtube-2020-march-nextjs-part6
—-
Next.js Examples: https://github.com/zeit/next.js/tree/canary/examples
—-
Slides available at: https://docs.google.com/presentation/d/15eM4oFshHCwvPDY0BRQGnn8JnVirv9TqKVnaox_8bEk/edit?usp=sharing
—-
All references about I used for this video:

Using HTTP cookies - HTTP | MDN
An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to a user's web browser. The browser may store the cookie and send it...
developer.mozilla.org
Cross-Site Request Forgery Prevention - OWASP Cheat Sheet Series
Website with the collection of all the cheat sheets of the project.
cheatsheetseries.owasp.org
Site Not Configured | 404 Not Found
stormpath.com
Using HTTP cookies - HTTP | MDN
An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to a user's web browser. The browser may store the cookie and send it...
developer.mozilla.org
Same-origin policy - Wikipedia
en.wikipedia.org
Cross Site Scripting (XSS) | OWASP Foundation
Cross Site Scripting (XSS) on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
owasp.org
OAuth is Not Authentication
The reasons why OAuth is not an authentication protocol, and why without using open standards such as OpenID Connect, should not be hacked to become one.
www.scottbrady91.com
Let's Encrypt
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Read all about our n...
letsencrypt.org
RFC 7519: JSON Web Token (JWT)
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object...
datatracker.ietf.org

https://codahale.com/how-to-safely-store-a-password/
—-

Follow me on:
Twitter: https://twitter.com/bmvantunes
Dev.to: https://dev.to/bmvantunes
Website: https://brunoantunes.net
Github: https://github.com/bmvantunes
LinkedIn: https://www.linkedin.com/in/bmvantunes

Comments

Copied title and URL