Properly Securing Node.js APIs
Chathu Vishwajith
September 22, 2018
Properly securing Node.js APIs at WebWeekend Kathmandu #WWKTM .
Transcript
WebWeekend Kathmandu
Perfectly Securing Node.js APIs
Who am I: Chathu Vishwajith, Auth0 Ambassador, co-founder of a startup, from Sri Lanka!
Cookie vs Tokens
Cookie      | Tokens
Stateful    | Stateless
Performance | Decoupled
Advantages of JWT → Stateless → Scalable → Decoupled → Cross-Domain → CORS
Use cases of JWT → Back-end APIs → Serverless Applications → IoT Devices → Mobile Applications
Things to Remember → JWTs are encoded, not encrypted! → This does not mean anyone can modify them, though: even the slightest change will invalidate the signature → Do not store sensitive information within a JWT. → Solution: JSON Web Encryption (JWE) allows you to safely encrypt the claims of a token
JWT Token Structure header.payload.signature
Header: type of token and signing algorithm → HMAC → ECDSA → RSA
Payload Your Token Payload
Signature Verification of Token
Libraries: almost all languages have a JWT implementation.
How to use JWT
Install JWT Library For Node.js and Express.js
Create JWT
Verify JWT
Organizing code → Module-based approach. → Configuration in files. → Auto-load models and routes. → Keep your secret secret.
Config file Keep all changing config strings in one place.
.env file we use dotenv to load .env file.
Shall we move to code work though?
Summary → Some APIs need to be secured → Cookie vs Tokens → JWT is Stateless, Scalable, Decoupled → How to use JWT with Node.js
Code repository https://github.com/iamchathu/nodejs-api-starter
More Reading https://chathu.me/2017/08/28/jwt-introduction/
Thank you !