Reputation: 479
I am currently working on a backend for my frontend page. On the frontend, the user is logging in through OAuth against an open API (Spotify, namely). The frontend will need a backend to store user-specific, app-relevant data (which is openly available, so non-sensitive).
The backend will handle storing saved artists and songs people listened to (I'm building some sort of Discography/Completionist app that will also notify the user if new releases are available) to a database.
I do plan on authenticating the user with their Spotify ID (either a specified name they registered with (saik112 as in my example) or a generated ID (21pnmeemw6hthwhwtbfwqxb4y as in my girlfriend's example)) and a secret.
How would I go about obfuscating that on the frontend and checking it on the backend? Are there any libraries available that fit what I'm looking for or can I just go and make a buffer from ID+secret and check that on the backend?
Upvotes: 0
Views: 145
Reputation: 3571
If I were you, I'd look into JSON Web Tokens (JWTs). They allow you to authenticate requests with an encrypted token which can contain any payload you wish. You would then use that payload in the backend to determine each user's privileges.
Upvotes: 1
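The JWT approach suggested in the answer above, as an added example that is not part of the original thread: a backend issues an HS256-signed token carrying the Spotify ID and verifies it on later requests. It assumes Node.js and that the backend has already confirmed the Spotify login before calling `issueToken`; the function names, claim layout and secret handling are hypothetical. With HS256 the payload is base64url-encoded and signed, so the client can read it but cannot change it without the server-side secret.

```javascript
// Added example: HS256 JWT issue/verify using only Node's built-in crypto.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// HMAC-SHA256 over "header.payload"; the secret never leaves the backend.
function sign(data, secret) {
  return createHmac('sha256', secret).update(data).digest();
}

// Issue a token once the backend has confirmed the Spotify login (assumption).
function issueToken(spotifyId, secret, nowSec, ttlSec = 3600) {
  const header = b64url({ alg: 'HS256', typ: 'JWT' });
  const payload = b64url({ sub: spotifyId, iat: nowSec, exp: nowSec + ttlSec });
  const sig = sign(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;

  // Check the signature first, so unauthenticated JSON is never trusted.
  const expected = sign(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // Pin the algorithm: the token must not choose how it is verified.
  if (!hdr || hdr.alg !== 'HS256') return null;
  // Reject missing or past expiry.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}
```

The frontend sends the token back on each request (for example in an `Authorization` header) and the backend uses the verified `sub` claim as the user key for stored artists and songs.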