Damien Monni

Reputation: 1538

Implement a secured and production ready authentication system in a Node.js server without being tied to a third-party provider

I am used to developing web apps using the Meteor JavaScript framework, which handles authentication. I am now developing for the first time a web app using a Node.js (Express) + GraphQL stack on the backend, with React on the frontend, so I have to handle authentication myself.

I read a lot of things about it, and I like the idea of token based authentication. I am thinking about using JWT, so I don't have to deal with sessions.

I know there are a lot of tutorials, but each one always has a sort of disclaimer like: "this tutorial is not production ready, use it for educational purposes only...". Every time I read something about authentication, it seems to be something so difficult to implement that I shouldn't implement it myself. But I don't want to use service providers like AWS Cognito or Google Cloud Platform because I want to keep my users' data in my own system and database. I don't want to be tied to a third-party provider.

I know how to generate JWT tokens and refresh tokens, how to verify them, etc. I am able to develop a working auth system, but I am never sure I do it in a secure and production-ready way because of all those comments I can read on the Internet.

So, what would you recommend to implement a secure and production-ready authentication system in a Node.js server without being tied to a third-party provider? Do you know any complete tutorial or documentation about it?

Upvotes: 7

Views: 1576

Answers (1)

Ashan

Reputation: 19728

There are several approaches to implement authentication for an application.

  • Use an identity server managed by you.
  • Use a fully managed service for authentication.
  • Use authentication middleware.
  • Write your own authentication solution.

If you are afraid of vendor lock-in, I would suggest using an authentication middleware like PassportJS, which facilitates the abstraction of the authentication strategy from its implementation.

On the other hand, writing your own custom authentication can be challenging in terms of security, especially finding and fixing vulnerabilities.

Upvotes: 2
