Properly Securing Node.js APIs
Chathu Vishwajith
September 22, 2018
Properly securing Node.js APIs at WebWeekend Kathmandu #WWKTM.
Transcript
WebWeekend Kathmandu
Perfectly Securing Node.js APIs
Who am I? Chathu Vishwajith, Auth0 Ambassador, Co-Founder of a startup, from Sri Lanka!
Cookie vs Tokens
Cookie vs Tokens → Cookie: Stateful, Performance → Tokens: Stateless, Decoupled
Advantages of JWT → Stateless → Scalable → Decoupled
Advantages of JWT (Cont) → Cross-Domain → CORS
Use cases of JWT → Back-end APIs → Serverless Applications → IoT Devices → Mobile Applications
Things to Remember → JWTs are encoded, not encrypted! → This does not mean anyone can modify them, though: even the slightest change will invalidate the token → Do not store sensitive information within a JWT. → Solution: JSON Web Encryption (JWE) allows you to safely encrypt the claims of a token
JWT Token Structure header.payload.signature
Header: type of token and signing algorithm → HMAC → ECDSA → RSA
Payload: the claims of your token
Signature: used to verify the token
Libraries: almost all languages have a JWT implementation.
How to use JWT
Install a JWT library for Node.js and Express.js
Create JWT
Verify JWT
Organizing code → Module-based approach. → Configuration in files. → Auto-load models and routes. → Keep your secret secret.
Config file: keep all changing config strings in one place.
.env file: we use dotenv to load the .env file.
Shall we move on to the code, then?
Summary → Some APIs need to be secured → Cookie vs Tokens → JWT is Stateless, Scalable, Decoupled → How to use JWT with Node.js
Code repository https://github.com/iamchathu/nodejs-api-starter
More Reading https://chathu.me/2017/08/28/jwt-introduction/
Thank you!