Your Auth vs Their Auth - abukhalil-LTUC-ASAC/amman-401d4 GitHub Wiki

What makes OAuth so special?

Stress-free authentication, both for you and for the user. What you save in terms of password management and web security is invaluable, and what the user saves in time and effort creating, memorizing and maintaining yet another account cannot be overstated. Sometimes, though, you still have to keep your own distinct notion of identity and may need more information than the third party hands you; that is where your own Auth comes into play, through JWT.

OAuth Flow, Literally.

  • Register your application to get a client_id and client_secret.
  • Ask the client if they want to sign in via a third party.
  • Make a request to a third-party API endpoint. (a gateway URL that starts the check of the parameters you pass, such as your client_id)
  • Redirect to the third party's authentication endpoint. (a redirect URL that checks your passed parameters for a match and continues from there)
  • Receive an authorization code. (this lets you request authorization for the specific data the code was issued for)
  • Make a request to the access token endpoint. (asking to exchange the code for access to data at a predefined URL; the data is only reachable with a valid authorization code)
  • Receive an access token. (this is the token you present to the third party's API to turn the grant into usable user data)

Your Auth Flow.

  • Build a database and schema for user storage.
  • Build routes for registry and sign in.
  • Build middleware for the token verification stage.
  • Build a token on each sign in from a header, a payload (user data) and a secret.
  • Query users on registry to check for uniqueness.
  • Query users on sign in to fetch their data.
  • Attach a fresh token to each sign in, and issue a new one once the previous token has expired.

Is JWT Secure?

Simply by virtue of the secret: any third-party manipulation of the payload will not go through, because the server recomputes the signature over the header and payload with its secret and finds that it no longer matches the signature attached to the token. That secret is usually a predetermined value placed on the server at the earliest stage and delivered by other means (for example an environment variable), never inside the token. This means that even if someone manages to see the payload and decode it, there is not much they can do with the information in terms of manipulation. One caveat: the payload is only base64url-encoded, not encrypted, so anyone holding the token can read it; keep passwords and other secrets out of it, and set an expiration so a stolen token does not work forever.