Users and Security
Overview
So far in the course, all users have been treated the same: everyone has had the right to add, edit, and delete data, even data they did not create. In this part, we look into how to register users and how to log in to the application. We also look into how to keep track of users and how to verify that they use only the parts of the application they are allowed to use. Finally, we briefly look at a few common web security flaws and how to avoid them.
The structure of this part is as follows:
- Users, security, and passwords introduces key concepts related to having users, discusses password security, and shows how to create registration and login API endpoints.
- Tracking users: cookies, sessions, and tokens discusses methods used to track users in web applications, including cookies, sessions, and JWTs, and covers privacy regulations.
- Authentication with JWT demonstrates how to generate JWTs on the server and return them to clients.
- Client-side authentication shows how to create login and registration forms, manage authentication state, and display user information.
- Authorization and access control demonstrates protecting API endpoints and routes and making authenticated requests from the client.
- Working with user-specific resources shows how to restrict access to user-specific resources.
- Role-based access control introduces RBAC and shows how to implement roles in both the API and the client.
- Using an authentication library discusses why you should not roll your own authentication in production and shows how to use an authentication library.
- Input validation and data security discusses input validation for both security and user experience.
- Web security essentials discusses some basic web security flaws and points to resources for further reading.
- Overarching project continues with the overarching project, adding user registration, login, and authentication.
Finally, at the end of the part, there is a recap and feedback chapter that briefly summarizes the part and asks for your feedback on it.