Saturday, 23 May 2020

Production Authentication

I've been teaching myself web security protocols recently, and one of the most complex topics seems to be user authentication. When writing Node.js applications for production, what authentication options are typically used? Do I need to learn all of the OAuth 2.0 and OpenID Connect protocols?

The way I see it now, these are the options for user authentication (please correct me if I am wrong):

- sessions (session ID stored in cookie) + session store (redis/mongo/etc.)
- passport.js local strategy (with sessions) + session store (redis/mongo/etc.)
- passport.js 3rd party strategy (Google/Facebook/etc.) (this uses OAuth 2.0 and OIDC, I believe)
- paid 3rd party user management platform (Okta/Onelogin/etc.)

I am also looking into an npm module, "openid-client", which says it supports passport.js (though I don't know how it would be implemented as of now).

Are these the correct options for good user authentication methods? Is rolling your own authentication using OAuth 2.0 and OIDC protocols really needed?

Edit: Forgot to mention JWT, but it seems they aren't the most optimal way of user authentication (for login purposes at least).

Submitted May 24, 2020 at 06:23AM by Sandmanndh
