Authentication and Authorisation with ExpressJS

In the realm of security, building a functioning platform is one thing, but building a secure platform is another. Throughout this campaign, we will be exploring three concepts called 3As — Authentication, Authorisation and Access Control. Most importantly, we will focus on the first two concepts.

The first tutorial will discuss and contain source code for basic authentication and the second tutorial will discuss and contain source code for basic authorisation.
Finally, the quest and the bounty will combine these two concepts into one infrastructure, thereby, increasing your knowledge and understanding in basic security practices for the web!

Prerequisites

We will assume that you already have some familiarity with Web technologies such as HTML, CSS and Javascript. Also, before you start on this campaign, you should have completed the Introduction to Backend Development with ExpressJS in the Web Development Pathway.

By the end of this campaign, you will be able to:

• Recap on Back End programming with ExpressJS
• Issue a cookie to the client’s browser and understand and apply the various cookie storage settings
• Setup secure server routes to prevent unwanted access in the system
• Generate a token with Json Web Token (JWT) and provision a cookie to the client
• Validate a user access by validating their authenticated cookie
• Build an algorithm to authorise user to a particular server resource