Forem: Ammar Raneez The latest articles on Forem by Ammar Raneez (@ammarraneez). https://forem.com/ammarraneez https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F829650%2F6aebf75b-dfe2-46c7-9f25-a65824f4e09c.jpeg Forem: Ammar Raneez https://forem.com/ammarraneez en What on earth are graph databases? Ammar Raneez Wed, 21 Sep 2022 05:16:13 +0000 https://forem.com/ammarraneez/what-on-earth-are-graph-databases-3364 https://forem.com/ammarraneez/what-on-earth-are-graph-databases-3364 <p>You might have heard about SQL and NoSQL databases (they are, after all, the most popular available), but have you heard about a Graph Database? 🤔</p> <p>Let us look closer into this and explore why you should consider this novel approach.</p> <p>When we talk about Graphs, we’re talking about very densely connected data with many relationships (Ex: Social network connections and recommendation engines). A graph database is simply a form of the infamous graph data structure almost always questioned during technical interviews.</p> <p>Graph databases store “nodes” and “relationships” instead of tables and documents.</p> <p>Imagine sketching ideas on a whiteboard and joining them together forming some kind of mind map. You have the flexibility of thinking about how you would use it. Graph databases have the same influence — that data is stored similar to how your mind map would look like; densely connected relationships, albeit not having a strict predefined model to follow.</p> <h2> Why Graph databases? </h2> <p>Why would we need to use a graph database? After all, almost all applications that we build use either an SQL or NoSQL database.</p> <p>The most important reason is that it makes the reasoning of data much more understandable — especially when the data is densely connected.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--BO8LWqGN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fqig4stg37e9miyibr17.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--BO8LWqGN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fqig4stg37e9miyibr17.png" alt="As the complexity increases, the requirement to use a graph database also increases" width="720" height="189"></a></p> <p>Simply displaying an image that shows why to use a graph database will not suffice, hence, I will compare a simple use case using actual code.</p> <p>Imagine this scenario this SQL:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xS0HNzWu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/emz78irg0p9u5cqu713d.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xS0HNzWu--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/emz78irg0p9u5cqu713d.png" alt="SQL-design" width="581" height="387"></a></p> <blockquote> <p>Our goal is to find the name of companies that purchased the product “Mac”.</p> </blockquote> <p>A solution would be as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="k">distinct</span> <span class="k">c</span><span class="p">.</span><span class="n">CompanyName</span> <span class="k">FROM</span> <span class="n">customers</span> <span class="k">AS</span> <span class="k">C</span> <span class="k">JOIN</span> <span class="n">orders</span> <span class="k">AS</span> <span class="n">o</span> <span class="k">ON</span> <span class="p">(</span><span class="k">c</span><span class="p">.</span><span class="n">CustomerID</span> <span class="o">=</span> <span class="n">o</span><span class="p">.</span><span class="n">CustomerID</span><span class="p">)</span> <span class="k">JOIN</span> <span class="n">orderdetails</span> <span class="k">AS</span> <span class="n">od</span> <span class="k">ON</span> <span class="p">(</span><span class="n">o</span><span class="p">.</span><span class="n">OrderID</span> <span class="o">=</span> <span class="n">od</span><span class="p">.</span><span class="n">OrderID</span><span class="p">)</span> <span class="k">JOIN</span> <span class="n">products</span> <span class="k">as</span> <span class="n">p</span> <span class="k">ON</span> <span class="p">(</span><span class="n">od</span><span class="p">.</span><span class="n">ProductID</span> <span class="o">=</span> <span class="n">p</span><span class="p">.</span><span class="n">ProductID</span><span class="p">)</span> <span class="k">WHERE</span> <span class="n">p</span><span class="p">.</span><span class="n">ProductName</span> <span class="o">=</span> <span class="err">‘</span><span class="n">Mac</span><span class="err">’</span> </code></pre> </div> <p>It obviously is pretty straightforward, however, when we put this exact same scenario into a graph database, things start getting more understandable.</p> <p>The exact same scenario in a Graph Database design:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--KA_HfhYh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6ecx3qd5yugxwkqs4re8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--KA_HfhYh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6ecx3qd5yugxwkqs4re8.png" alt="graph-db-design" width="586" height="460"></a></p> <p>The design, in this case, is easier to read and understand since the thought process required to build proper models is not present.</p> <p>A solution, using Gremlin is as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">g</span><span class="p">.</span><span class="nx">V</span><span class="p">().</span><span class="nx">hasLabel</span><span class="p">(</span><span class="err">‘</span><span class="nx">Product</span><span class="err">’</span><span class="p">).</span><span class="nx">has</span><span class="p">(</span><span class="err">‘</span><span class="nx">productName</span><span class="err">’</span><span class="p">,</span> <span class="err">‘</span><span class="nx">Mac</span><span class="err">’</span><span class="p">)</span> <span class="p">.</span><span class="k">in</span><span class="p">(</span><span class="err">‘</span><span class="nx">HAS_PRODUCT</span><span class="err">’</span><span class="p">)</span> <span class="p">.</span><span class="k">in</span><span class="p">(</span><span class="err">‘</span><span class="nx">HAS_DETAILS</span><span class="err">’</span><span class="p">)</span> <span class="p">.</span><span class="k">in</span><span class="p">(</span><span class="err">‘</span><span class="nx">PURCHASED</span><span class="err">’</span><span class="p">)</span> <span class="p">.</span><span class="nx">values</span><span class="p">(</span><span class="err">‘</span><span class="nx">CompanyName</span><span class="err">’</span><span class="p">).</span><span class="nx">dedup</span><span class="p">()</span> </code></pre> </div> <p>Querying, in this case, is much simpler since all you require to do is traverse the graph without having to worry about joins.</p> <h2> Popular Graph Databases </h2> <p>Currently in the industry there are a couple of popular options of graph databases, some of which are:</p> <ul> <li> <a href="https://neo4j.com/">Neo4j</a> — an ACID-compliant transactional database with native graph storage and processing.</li> <li> <a href="https://www.arangodb.com/">ArangoDB</a> —a scalable, fully managed graph database, document store and search engine in one place.</li> <li> <a href="https://aws.amazon.com/neptune/">Amazon Neptune</a> — a fast, reliable, fully managed graph database service</li> </ul> <p>All in all, graph databases can be an excellent solution if you require highly connected data with a large number of relationships — although this topic by itself can be daunting since it requires knowledge of how the graph data structure works.</p> <p>Keep growing! 😁</p> programming database webdev tutorial Auth0 "Embedded Login" with React Ammar Raneez Sat, 02 Apr 2022 05:56:03 +0000 https://forem.com/ammarraneez/auth0-embedded-login-with-react-20pm https://forem.com/ammarraneez/auth0-embedded-login-with-react-20pm <p>Auth0 is an "Authentication as a Service" provider, which means that it provides an implementation of authentication into your application without you having to implement a full flow yourself. Handling of Id, Access, and Refresh tokens are by Auth0 itself hence, allowing you to focus on the application that you are building and worry less about the storage &amp; access of tokens and security.</p> <p>In this blog, I will break down how I implemented an authentication flow using Auth0 and React.</p> <p>You might have come across the "auth0-react" package - a package that is an abstraction of the vanilla "auth0-js" package, which provides a higher-order API that makes the implementation so much simpler at the expense of using an Auth0-provided Authentication page - which handles the registering and log in (you would be redirected to that page). However, it can be customized if you have an account that has billing activated.</p> <p>I will be using the vanilla "auth0-js" package since I will be using a free account and want the authentication process to happen within my application - an embedded login.</p> <h2> The Setup </h2> <p>There are quite a few steps required in setting things up within the Auth0 dashboard.</p> <ul> <li><p>Navigate to the Auth0 website and create a new "tenant".<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fputy0g9lmrz0y20fr8pz.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fputy0g9lmrz0y20fr8pz.png" alt="create-tenant"></a></p></li> <li><p>Create a new application in the "Applications" sidebar of the created tenant.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwjf4az4qq7jmoz9e83qp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwjf4az4qq7jmoz9e83qp.png" alt="create-app"></a></p></li> <li><p>Navigate to the settings tab of the created application.</p></li> <li><p>Add the URLs you will be using in development in the following sections. (Do not forget to update this whenever you use a different localhost, or once you deploy the application).<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F20w64l6a652irpf3e0nu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F20w64l6a652irpf3e0nu.png" alt="add-urls"></a></p></li> <li><p>Enable refresh token rotation (if not enabled) - we will need this to implement the persistence of the user on refresh. </p></li> <li><p>Scroll down to "Advanced Settings" and click on the "Grant Types" tab. Ensure that the "Password" option is checked.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwptrdwh7ap036yr51d06.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwptrdwh7ap036yr51d06.png" alt="enable-rf-token"></a></p></li> <li><p>Click on your created Tenant on the top left corner and navigate to "Settings".</p></li> <li><p>Click on the "General" tab and scroll till you find "Default Directory" under "API Authorization Settings".</p></li> <li><p>Add "Username-Password-Authentication" in the default directory. Make sure that there are not any typos.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk3kpb0n3tj2b56tpes1f.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk3kpb0n3tj2b56tpes1f.png" alt="update-tenant-connection"></a></p></li> <li> <p>Navigate to "Rules" on the sidebar and "Create" a new "Empty" rule. This rule will attach a "role" attribute, which we will specify, to the object that we will obtain on authentication. We will use this attribute to implement authorization.</p> <ul> <li> Add your website name within <code>&lt;your-website&gt;</code>. Make sure you do not edit the <code>namespace</code> other than this. (The rule name can be anything you prefer).</li> <li>This rule will run upon a login request, just before the id token is issued, thereby injecting the role into the id token. <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F320kdmkt7e4tw5sck6h1.png" alt="create-rule"> </li> </ul> </li> <li><p>Navigate to "Authentication" and create a new database connection, give it the name "Username-Password-Authentication".</p></li> <li> <p>One last step. Go back to your created application, copy the Domain, Client ID and Client Secret, and paste those values into a file in your project, in my case, I have pasted them into an env file, along with a few other values that are present in the below screenshot.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feq24fmz3o5mvvanik81v.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feq24fmz3o5mvvanik81v.png" alt="env-file"></a></p> <ul> <li>Redirect URL refers to the URL you are running the application on; DB Connection is the database that we created; Response Type states in what form do we want the response on a login; Response Mode specifies where would the response show up - in our case, it would be appended into our URL as a fragment, however, this will not be used since we will be using an Embedded Authentication approach.</li> </ul> </li> <li><p>Finally, create a new file instantiating "WebAuth" - which comes from the "auth0-js" package as follows. (We need offline_access to obtain refresh tokens)<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">auth0</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">auth0-js</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">webAuth</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">auth0</span><span class="p">.</span><span class="nc">WebAuth</span><span class="p">({</span> <span class="na">domain</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_DOMAIN</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">clientID</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_CLIENT_ID</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">responseType</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_RESPONSE_TYPE</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">redirectUri</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_REDIRECT_URL</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">responseMode</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_RESPONSE_MODE</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">scope</span><span class="p">:</span> <span class="dl">'</span><span class="s1">openid profile email offline_access</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <h2> Register </h2> <p>Now that the base setup is in place, we can get into the meat and potatoes. The below code snippet is an example of a signup process.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">loginUser</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">webAuth</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nf">login</span><span class="p">({</span> <span class="na">realm</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_DB_CONNECTION</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="nx">email</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">password</span><span class="p">,</span> <span class="p">},</span> <span class="k">async </span><span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">result</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="k">await</span> <span class="nf">authenticate</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">webAuthLogin</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">webAuth</span><span class="p">.</span><span class="nf">signup</span><span class="p">({</span> <span class="na">connection</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_DB_CONNECTION</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="na">user_metadata</span><span class="p">:</span> <span class="p">{</span> <span class="na">role</span><span class="p">:</span> <span class="nx">UserType</span><span class="p">.</span><span class="nx">CUSTOMER</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="k">async </span><span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">result</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="k">await</span> <span class="nf">loginUser</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Sign-ups require an email/username and a password. Along with that, you can send additional metadata to enrich a user's profile within <code>user_metadata</code>. If you recall, this attribute is what we referred to to obtain the role attribute.</p> <p>If the base setup is all good, this request should be successful and you should be able to view this user in the "Users" tab under "User Management".</p> <p>The obtained result will be an enriched object containing the id and access tokens. The login function called logs the registered user into the application. I will get into that next.</p> <h2> Login </h2> <p>The login flow is relatively straightforward at first glance, as visible in the snippet above. However, it is a slight bit more work to implement the authenticate function that is being called on a successful response.</p> <p>The following snippet is the <code>authenticate</code> function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">authenticate</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">result</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">auth0Service</span><span class="p">.</span><span class="nf">handleAuthentication</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="k">await</span> <span class="nx">auth0Service</span><span class="p">.</span><span class="nf">setUserProfile</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">,</span> <span class="nx">result</span><span class="p">.</span><span class="nx">idToken</span><span class="p">,</span> <span class="nx">dispatch</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>In the above snippet, an external service is called that does the behind the scenes functionality necessary to persist the user on a page refresh. If persistence is not necessary, this step is not required - the obtained result would suffice.</p> <p><code>handleAuthentication</code> is all about storing the tokens in session storage(<code>local storage</code> would work too).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kr">public</span> <span class="nf">handleAuthentication</span><span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">any</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">idToken</span> <span class="o">||</span> <span class="nx">result</span><span class="p">.</span><span class="nx">id_token</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">setSession</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">History</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">);</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nf">reload</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="kr">private</span> <span class="nf">setSession</span><span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">any</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">expiresAt</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">expiresIn</span> <span class="p">?</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">expiresIn</span> <span class="o">*</span> <span class="mi">1000</span> <span class="o">+</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">getTime</span><span class="p">())</span> <span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">expires_in</span> <span class="o">*</span> <span class="mi">1000</span> <span class="o">+</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">getTime</span><span class="p">());</span> <span class="k">this</span><span class="p">.</span><span class="nf">setSessionStorage</span><span class="p">(</span><span class="nx">result</span><span class="p">,</span> <span class="nx">expiresAt</span><span class="p">);</span> <span class="p">}</span> <span class="kr">private</span> <span class="nf">setSessionStorage</span><span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">any</span><span class="p">,</span> <span class="nx">expiresAt</span><span class="p">:</span> <span class="nx">any</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">,</span> <span class="nx">result</span><span class="p">.</span><span class="nx">refreshToken</span> <span class="p">?</span> <span class="nx">result</span><span class="p">.</span><span class="nx">refreshToken</span> <span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">refresh_token</span><span class="p">);</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">expires_at</span><span class="dl">'</span><span class="p">,</span> <span class="nx">expiresAt</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>In the above snippet, the result is passed to <code>setSession</code> that obtains the expiry time of the token, to ensure that only a token that is not expired can be used. <code>setSessionStorage</code> stores the obtained refresh token and the expiry time into session storage. (the checks for <code>result.idToken</code> &amp; <code>result.id_token</code> and result.refreshToken &amp; result.refresh_token is sole because there is a possibility that Auth0 returns them as either camelCase or snake_case)</p> <p><em>The reason why the refresh token is stored in session storage and not the id or access tokens is to avoid CSRF attacks (since they contain sensitive information). However, the refresh token does not contain any - it is solely used to obtain other access tokens, thereby having no meaning by itself.</em></p> <p><code>setUserProfile</code> is about storing the authenticated user in memory - in this case, redux.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kr">public</span> <span class="k">async</span> <span class="nf">setUserProfile</span><span class="p">(</span> <span class="nx">accessToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">idToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">dispatch</span><span class="p">:</span> <span class="nx">any</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nx">webAuth</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nf">userInfo</span><span class="p">(</span><span class="nx">accessToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="na">err</span><span class="p">:</span> <span class="nx">any</span><span class="p">,</span> <span class="na">result</span><span class="p">:</span> <span class="nx">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Something went wrong: </span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nf">authenticateUser</span><span class="p">(</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="nx">idToken</span><span class="p">,</span> <span class="nx">result</span><span class="p">,</span> <span class="nx">dispatch</span><span class="p">,</span> <span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="kr">private</span> <span class="k">async</span> <span class="nf">authenticateUser</span><span class="p">(</span> <span class="nx">accessToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">idToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">,</span> <span class="nx">result</span><span class="p">:</span> <span class="nx">any</span><span class="p">,</span> <span class="nx">dispatch</span><span class="p">:</span> <span class="nx">any</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="nf">dispatch</span><span class="p">(</span> <span class="nf">login</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">result</span><span class="p">?.</span><span class="nx">email</span><span class="p">,</span> <span class="na">userType</span><span class="p">:</span> <span class="nx">result</span><span class="p">?.[</span><span class="dl">'</span><span class="s1">https://&lt;your-website&gt;/claims/role</span><span class="dl">'</span><span class="p">],</span> <span class="nx">idToken</span><span class="p">,</span> <span class="nx">accessToken</span><span class="p">,</span> <span class="p">})</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>In the above snippet, the obtained access token is used to get the user information, that was used to sign up. This information then is dispatched to redux. (In the rule, we specified to return the role attribute in our result object. If more information is required, it is as simple as adding that in the same rule 😁).</p> <h2> Persistence On Refresh </h2> <p>Now that we have integrated a portion of persistence within login, this section will focus on restoring the logged-in user on refresh.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// App.jsx</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">dispatchUserData</span> <span class="o">=</span> <span class="p">(</span><span class="nx">authResult</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">authResult</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="nf">dispatch</span><span class="p">(</span> <span class="nf">login</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">email</span><span class="p">,</span> <span class="na">accessToken</span><span class="p">:</span> <span class="nx">authResult</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="na">idToken</span><span class="p">:</span> <span class="nx">authResult</span><span class="p">.</span><span class="nx">id_token</span><span class="p">,</span> <span class="na">userType</span><span class="p">:</span> <span class="nx">user</span><span class="p">?.</span><span class="nx">user_metadata</span><span class="p">?.</span><span class="nx">role</span><span class="p">,</span> <span class="p">})</span> <span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">setAuthenticatedUser</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">authResult</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">isUserAuthenticated</span><span class="p">)</span> <span class="p">{</span> <span class="nx">authResult</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">auth0Service</span><span class="p">.</span><span class="nf">getInitialAuthenticatedUser</span><span class="p">();</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">authResult</span><span class="p">)</span> <span class="nf">dispatchUserData</span><span class="p">(</span><span class="nx">authResult</span><span class="p">);</span> <span class="p">}</span> <span class="nf">setAuthenticatedUser</span><span class="p">();</span> <span class="p">},</span> <span class="p">[</span><span class="nx">auth0Service</span><span class="p">,</span> <span class="nx">dispatch</span><span class="p">,</span> <span class="nx">isUserAuthenticated</span><span class="p">]);</span> <span class="c1">// External File</span> <span class="kr">public</span> <span class="k">async</span> <span class="nf">getInitialAuthenticatedUser</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">isUserAuthenticated</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">isAuthenticated</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">refreshTokenResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">getUserWithRefreshToken</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">isUserAuthenticated</span> <span class="o">&amp;&amp;</span> <span class="nx">refreshTokenResponse</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">handleAuthentication</span><span class="p">(</span><span class="nx">refreshTokenResponse</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getUser</span><span class="p">(</span><span class="nx">refreshTokenResponse</span><span class="p">.</span><span class="nx">access_token</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">user</span><span class="p">,</span> <span class="p">...</span><span class="nx">refreshTokenResponse</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="kr">public</span> <span class="nf">isAuthenticated</span><span class="p">():</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">date</span> <span class="o">=</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">expires_at</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">refreshToken</span> <span class="o">=</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">date</span> <span class="o">&amp;&amp;</span> <span class="nx">refreshToken</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">expiresAt</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">date</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">refreshToken</span> <span class="o">||</span> <span class="p">(</span><span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">getTime</span><span class="p">()</span> <span class="o">&gt;</span> <span class="nx">expiresAt</span><span class="p">))</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">removeSessionStorage</span><span class="p">();</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">};</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="kr">private</span> <span class="k">async</span> <span class="nf">getUserWithRefreshToken</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s2">`https://</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_DOMAIN</span><span class="p">}</span><span class="s2">/oauth/token`</span><span class="p">,</span> <span class="p">{</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">,</span> <span class="na">client_id</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_CLIENT_ID</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">),</span> <span class="na">client_secret</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REACT_APP_AUTH0_CLIENT_SECRET</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="p">}</span> <span class="kr">private</span> <span class="k">async</span> <span class="nf">getUser</span><span class="p">(</span><span class="nx">accessToken</span><span class="p">:</span> <span class="nx">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nx">webAuth</span><span class="p">.</span><span class="nx">client</span><span class="p">.</span><span class="nf">userInfo</span><span class="p">(</span><span class="nx">accessToken</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="na">err</span><span class="p">:</span> <span class="nx">any</span><span class="p">,</span> <span class="na">result</span><span class="p">:</span> <span class="nx">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Something went wrong: </span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">result</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> <span class="kr">public</span> <span class="nf">removeSessionStorage</span><span class="p">():</span> <span class="k">void</span> <span class="p">{</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">refresh_token</span><span class="dl">'</span><span class="p">);</span> <span class="nx">sessionStorage</span><span class="p">.</span><span class="nf">removeItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">expires_at</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The snippet above is placed in the <code>App</code> file because it runs on page load. The <code>useEffect</code> defined calls a helper function to obtain the current logged in user and stores them in redux.</p> <p><code>getInitialAuthenticatedUser</code> calls a function that checks if the user is authenticated. This function, <code>isUserAuthenticated</code> verifies that the token stored in session storage is not expired (it removes it if so and returns false - that there is no user).<br>  <br> The <code>getUserWithRefreshToken</code> function speaks for itself. It calls an API of your created Auth0 application passing the refresh token available in session storage to obtain a response. The same procedure is followed where the newly obtained refresh token is stored in session storage overriding the currently existing one.</p> <p><code>getUser</code> is called with the obtained access token that will finally return the user object.</p> <p>Congratulations! You now have a working Authentication flow implemented using Auth0 😁</p> <p>Keep Growing!</p> authentication react javascript auth0 Understanding JWT Ammar Raneez Thu, 17 Mar 2022 15:06:37 +0000 https://forem.com/ammarraneez/understanding-jwt-b54 https://forem.com/ammarraneez/understanding-jwt-b54 <p>One of many ways of implementing Authentication &amp; Authorization into your applications is the JWT (JSON Web Token)</p> <p>A JWT is a string of random characters that is an <strong>encoded</strong> form of information.</p> <p>Its a methodology of transmitting information between two parties securely in JSON format. The information can be trusted since it is digitally signed using a secret/key not disclosed to the user. In other words, only the party that has signed it has access to the secret/key, hence maintaining integrity.</p> <h3> Examples of where JWT is used </h3> <ul> <li>Authentication | Authorization</li> <li>Transferring of sensitive data between parties (as mentioned above)</li> </ul> <p>Perhaps the most common usage of JWT is for scenarios of Authentication. The procedure followed is as follows:</p> <ol> <li>Once a user logs in, a JWT is issued to the user from the server.</li> <li>The user sends this token with each subsequent request to the server via the <strong>Authorization</strong> header.</li> <li>The server verifies this token to ensure that the user is who they claim to be and sends back the requested route/service if it was verified.</li> </ol> <p><em><strong>Note</strong> Although the JWT is signed and protected from fraud, this does not mean that it is <strong>encrypted</strong> - it is base64 <strong>encoded</strong>, which means that you could use a base64 decoder to get the JSON information. Therefore, avoid storing secret information in the JWT unless that information is by itself encrypted.</em></p> <h3> JWT Structure </h3> <p>The JWT consists of 3 main components, each separated by a single dot (<code>.</code>)</p> <ul> <li>Header</li> <li>Payload</li> <li>Signature</li> </ul> <p>A JWT would therefore be in the form of:<br> <code>hhhhhh.pppppppp.ssssss</code></p> <p>Where the "h" characters represent the header, the "p" characters the payload, and the "s" characters the signature.</p> <p>Let us shed some light on what each of these components represents.</p> <h4> The Header </h4> <p>The header usually gives information about the token itself: the type (in this case, JWT) and the algorithm used to sign it (Ex: SHA256).</p> <p>An example Header is as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> { "alg": "HS256", "typ": "JWT" } </code></pre> </div> <h4> The Payload </h4> <p>Perhaps the most important part of the JWT. This is where the "Claims" (user information and any additional data) are stored. "Additional data" could be the <strong>iat</strong> (issued at), <strong>sub</strong> (subject) and <strong>aud</strong> (audience).</p> <p>An example Payload is as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> { "sub": "1234567890", "iat": 1516239022, "name": "John Doe" } </code></pre> </div> <p>The Payload and Header are <strong>Base64Url</strong> encoded.</p> <p><em>Fun fact for the curious minds: <strong>Authorization</strong> can be implemented by having a "role" attribute in your JWT. For example:</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> { "sub": "1234567890", "iat": 1516239022, "name": "John Doe", "role": "Admin" } </code></pre> </div> <p><em>This "role" attribute can be validated in the backend to provide certain permissions for the calling user. For example, the server could check if the token has an <strong>Admin</strong> role, and if so, let the user access that specific resource.</em></p> <h4> The Signature </h4> <p>The Signature is a signed combination of the Base64Url encoded Payload &amp; Header, the algorithm defined in the Header and a specified secret.</p> <p>For example, say we are using the SHA256 Algorithm, then the secret would be as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), your-256-bit-secret ) </code></pre> </div> <p>The signature is to make sure that the data has not been altered. Also, to verify whether the user is who they claim to be - in cases where a private key was used for the signing process.</p> <h4> A Final Example </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4w1qaicanneqphlugmax.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4w1qaicanneqphlugmax.png" alt="JWT Example"></a> </p> <blockquote> <p>jwt.io</p> </blockquote> <p>All in all, JWT can be intimidating if all we do is read about it and not apply it anywhere. However, once you implement Authentication using JWT, you will fully understand the entire concept - it might even become second nature. </p> <p>Keep growing!</p> authentication jwt javascript Authentication — the bare minimum Ammar Raneez Sat, 12 Mar 2022 14:51:19 +0000 https://forem.com/ammarraneez/authentication-the-bare-minimum-4ajh https://forem.com/ammarraneez/authentication-the-bare-minimum-4ajh <p>Authentication can be a complex topic, mainly because of the sheer number of various solutions and methods available. In this blog, I will discuss two popular ones and later blogs dive deeper into each and others.</p> <p>Authentication is about verifying the identity of a user. For instance, when you login into an application using email/username &amp; password, you are being <strong>authenticated</strong> to make sure that you are who you claim to be.</p> <h2> Is it Authentication Or Authorization? </h2> <p>A confusion currently in the tech community is on this topic. People use these terms interchangeably; some even say that there is no difference whatsoever.</p> <p>Authentication &amp; Authorization are <strong>not</strong> the same — I would even say that they are not even similar.</p> <p><strong>Authorization</strong> is all about <strong>access rights</strong>, or in simple terms, what permissions you have.</p> <p>Let us look at an example (this may/may not be the actual procedure followed):</p> <p><em>User A, a customer, logs into Amazon to purchase products. User B, an admin, logs into Amazon to remove products that have no more stock.</em></p> <p>In the above example, User A can only <strong>purchase</strong> products; they cannot <strong>remove</strong>, while User B can purchase <strong>and</strong> remove them. This is the difference between Authentication and Authorization. Although User A has logged in and can purchase, they cannot remove them, this functionality is only allowed to be performed by an admin. In other words, User A has permission to only buy; User B has permission to buy and remove.</p> <h2> Types of Authentication </h2> <p>There are a couple of different ways that you could implement authentication into your applications — here are two of the more popular ones:</p> <ul> <li><p>JSON Web Tokens (JWTs)</p></li> <li><p>Sessions</p></li> </ul> <p>JWT is a way of authenticating users and sharing information between two parties, particularly a client and a server. It’s a string of random characters that is an <strong>encoded</strong> form of user details. The client sends this token with each request to the server — where it verifies whether or not the provided token is valid.</p> <ol> <li><p>The user sends a login request to the server</p></li> <li><p>The server authenticates the login and sends a token to the user</p></li> <li><p>The user sends a new request with the provided token</p></li> <li><p>The server checks whether the token is valid or not and sends the requested pages to the user if it was valid</p></li> </ol> <p>Sessions are also a way of authenticating users and sharing information between client and server. It is a container of user information generated and saved on the server. This session is sent to the user via a cookie, which is used to send new requests where the server verifies.</p> <ol> <li><p>The user sends a login request to the server</p></li> <li><p>The server authenticates the login and sends a cookie containing the generated session ID</p></li> <li><p>The user sends a new request with the provided cookie</p></li> <li><p>The server checks for the ID found in the cookie. If the ID is found, it sends the requested pages to the user</p></li> </ol> <p>There are other methods as well, such as OAuth (Ex: Google, Facebook logins) and Authentication as a Service (Ex: Auth0, Cognito).</p> <p>All in all, it can be a complex topic, but it does not have to be if learnt well. Keep growing!</p> authentication authorization