How Do You Handle Authentication In Your Projects? What's The Industry Standard? (656 Views)
How Do You Handle Authentication In Your Projects? What's The Industry Standard? by Devdevdev(f): 1:25pm On Sep 30, 2023
Hi guys. I am really interested in getting your opinions on this issue. For user authentication I usually send a JWT stored in an http-only cookie to my frontend. I handle authorization by verifying the token on every request to a protected API endpoint. How efficient and secure is this? What is the industry, real-world standard and how do you handle yours? What would you recommend?
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by BlackhatMentor: 9:26pm On Sep 30, 2023
You'll only try to look down on those who reply. 3 Likes
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by Devdevdev(f): 10:54pm On Sep 30, 2023
BlackhatMentor: Why would I look down on people trying to assist me? I am really curious to know. I have done some research and the overwhelming advice is to never build your own auth from scratch but rather to use already tested and secure services like Keycloak or, at the barest minimum, something like Passport.js with OAuth. I want to know how backend engineers on Nairaland handle their auth.
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by BlackhatMentor: 11:01pm On Sep 30, 2023
Devdevdev: You'll look down on them because before you ask these questions you must have done some research and arrived at a verdict you believe and feel is the way it's done and thus the only way. Once someone suggests something contrary you'd start replying with your usual derisive comments, remarks and troll-like jabs. It's evident in all your threads here. I personally believe you're a gigantic TROLL. You love being a troll and you love the feeling you get when you feel you're superior over others because of what you think you've learnt. 7 Likes 1 Share
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by YoungCabal: 5:59am On Oct 01, 2023
Devdevdev: User visits /login; on the backend, you authenticate using bcrypt or whatever algorithm and generate a token which you must send back as the response. On the frontend, you read the response and store the token in an httpOnly cookie named XSRF-TOKEN; axios and some other HTTP libraries will automatically pass it for you on each request. Why store it in an httpOnly cookie and not web storage? Because if you store it in web storage, anyone can read it; using an httpOnly cookie makes it impossible for anyone else to read the token except you, the server who sets it. 1 Like
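The flow this thread keeps returning to (the server issues a signed token at login, carries it in an HttpOnly cookie, and verifies it on every protected request), shown as an added example that is not code from any poster. It uses only Node.js built-ins; the cookie name `session`, the 15-minute lifetime and the function names are assumptions made for illustration.

```javascript
// Added example: HS256 token carried in an HttpOnly cookie (Node.js built-ins only).
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32); // assumption: per-process key; load from a secret store in practice
const COOKIE = 'session';              // hypothetical cookie name
const b64u = (x) => Buffer.from(x).toString('base64url');

function sign(data) {
  return crypto.createHmac('sha256', SECRET).update(data).digest();
}

// Build header.payload.signature with a short expiry.
function issueToken(userId, ttlSeconds = 900, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64u(JSON.stringify({ sub: userId, exp }));
  return `${header}.${payload}.${b64u(sign(`${header}.${payload}`))}`;
}

// Value for the Set-Cookie response header. The server sets it: HttpOnly keeps page
// script from reading it, Secure limits it to HTTPS, SameSite limits cross-site sends.
function sessionCookie(token, ttlSeconds = 900) {
  return `${COOKIE}=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${ttlSeconds}`;
}

// Run on every protected request: returns the claims, or null if anything is off.
function verifyRequest(cookieHeader, now = Date.now()) {
  const pair = (cookieHeader || '').split(';').map((c) => c.trim())
    .find((c) => c.startsWith(`${COOKIE}=`));
  if (!pair) return null;
  const parts = pair.slice(COOKIE.length + 1).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const given = Buffer.from(sig, 'base64url');
  const expected = sign(`${header}.${payload}`);
  // Check the signature before parsing anything the client controls.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: never let the token's own header choose it.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
    return claims;
  } catch {
    return null;
  }
}
```

A stateless token like this cannot be revoked before `exp` without a server-side deny list, which is one reason the maintained libraries and hosted services named in the replies are usually preferred over hand-rolled code.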
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by tollyboy5(m): 8:38am On Oct 01, 2023
Devdevdev: JWT is good for most usage when working with APIs. You can use OAuth2 if you want to log in using a third-party app: https://frontegg.com/blog/oauth-vs-jwt
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by Deicide: 10:24pm On Oct 02, 2023
An http-only cookie only makes sense if the front end and backend are integrated together. 1 Like
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by rockfortdigital: 11:42pm On Oct 02, 2023
I feel you should use the industry standard for the stack you're building with. I work with Next.js 13.4 and I use the NextAuth library. It generates the token upon login and sends it to the session. From the session, I can authenticate users.
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by DyingFetus: 10:04am On Oct 03, 2023
I create my own API with PHP
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by qtguru(m): 10:29am On Oct 03, 2023
I just use Spring boot security and call it a day. Man no get time. 1 Like
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by Alphabyte2: 4:29pm On Oct 04, 2023
Devdevdev: Use Auth0 or Firebase Authentication; it offers a range of features such as single sign-on, multi-factor authentication and user management. It also supports various development frameworks and protocols, making it compatible with different types of applications.
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by airsaylongcome: 9:19pm On Oct 04, 2023
Expecting op to come swinging calling all of you that replied 1d1075 and how supremely elegant their preferred solution is. 1 Like
Re: How Do You Handle Authentication In Your Projects? What's The Industry Standard? by BlackhatMentor: 11:28pm On Oct 04, 2023
Devdevdev: And the self-acclaimed princess of code never disappoints. I pity your future employer. You're sure to make life a living hell for other employees, thereby creating a less conducive atmosphere in your workplace. 1 Like