Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Properly Securing Node.js APIs
Search
Chathu Vishwajith
September 22, 2018
Programming
63
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Properly Securing Node.js APIs
Properly securing Node.js APIs at WebWeekend Kathmandu #WWKTM .
Chathu Vishwajith
September 22, 2018
More Decks by Chathu Vishwajith
See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
iamchathu
0
78
Hardening WordPress is kind of Art
iamchathu
0
140
It's Someone Else's Servers
iamchathu
0
56
Hardening WordPress is An Art
iamchathu
0
160
Speed Up Your WordPess
iamchathu
0
120
CMBJS Meetup: Securing NodeJS APIs with JWT
iamchathu
0
110
Other Decks in Programming
See All in Programming
エンジニアと一緒にテストコードの設計と実装を改善した話
mototakatsu
0
250
TypeScript+Orvalで実現する型安全かつ堅牢でスケーラブルなマルチチャネル通知基盤 / TSKaigi Night talks ~after conference~
d0riven
0
380
AI 輔助遺留系統現代化的經驗分享
jame2408
1
1.2k
Developing with AI Agents — Codex, Claude Code & Cowork Practical Guide
x5gtrn
PRO
0
1.3k
「正の参照」と 「負の導出」で組む ハーネスエンジニアリング
cottpan
1
120
Even G2とAWSで推しのエージェントを召喚しよう!
har1101
1
140
Agentic UI
manfredsteyer
PRO
0
220
鹿野さんに聞く!『TypeScriptコードレシピ集』で磨く実践力
tonkotsuboy_com
4
990
symfony/aiとlaravel/boost
77web
0
120
The NotImplementedError Problem in Ruby
koic
1
1.1k
Javaの型とAI時代に型が大事な理由 / java types and type in AI era
kishida
2
170
Hatena Engineer Seminar #37「言語モデルの活用に関する研究」
slashnephy
0
470
Featured
See All Featured
Producing Creativity
orderedlist
PRO
348
40k
The Spectacular Lies of Maps
axbom
PRO
1
850
Why Our Code Smells
bkeepers
PRO
340
58k
Abbi's Birthday
coloredviolet
3
8.5k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.8k
The SEO Collaboration Effect
kristinabergwall1
1
500
SEO Brein meetup: CTRL+C is not how to scale international SEO
lindahogenes
1
2.8k
Accessibility Awareness
sabderemane
1
150
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
201
75k
ラッコキーワード サービス紹介資料
rakko
1
3.8M
The Language of Interfaces
destraynor
162
27k
The agentic SEO stack - context over prompts
schlessera
0
840
Transcript
WebWeekend Kathmandu
Perfectly Securing Node.js APIs
Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a
startup From Sri Lanka !
?
Cookie vs Tokens
Cookie vs Tokens
Cookie Tokens Statefull Stateless Performance Decoupled
Advantages of JWT → Stateless → Scalable → Decoupled
Advantages of JWT (Cont) → Cross-Domain → CORS
Use cases JWT (Cont) → Back-end APIs → Serverless Applications
→ IOT Devices → Mobile Applications
Things to Remember → JWTs are encoded not encrypted! →
This does not mean they can modify it though, even the slightest change will invalidate the token → Do not store sensitive information within a JWT. → Solution: JSON Web Encryption allows you to safely encrypt the claims of a token
JWT Token Structure header.payload.signature
Header Type of token and hashing algorithm → HMAC →
ECDSA → RSA
Payload Your Token Payload
Signature Verification of Token
Libraries Almost all languages has JWT implementation.
How to use JWT
Install JWT Library For Node.js and Express.js
Create JWT
Verify JWT
Organizing code → Module based approach. → Configuration in files.
→ Auto load models and routes. → Keep your secret secret.
Config file Keep all changing config strings in one place.
.env file we use dotenv to load .env file.
Shall we move to code work though?
Summery → Some APIs needs to secure → Cookie vs
Tokens → JWT is Stateless, Scalable, Decoupled → How to use JWT with Node.js
Code repository https://github.com/iamchathu/nodejs-api-starter
More Reading https://chathu.me/2017/08/28/jwt-introduction/
None
Thank you !