Introduction

Authentication is a process to identify user's identity and grant them access to the resources provided by application. In backend development,
authentication plays a major role to grant or restrict users to access specific resources.

Authentication can be done in two ways: -

• Token-Based Authentication.

• Session-Based Authentication.

Here we'll talk about Token Based Authentication.

Token-Based Authentication

Token-based authentication is a widely used security mechanism to offer robust experience to users without compromising with the security.

In the token-based authentication, when user logged in server generates unique token for users. After server generates the token, it will be sent to client and stored on client's system locally. Whenever client makes a request, this token go with each request to verify the identity of user.

Authentication Process

1. REQUEST- When user login to the application, browser made a request to server with user credentials.

2. VERIFICATION - When request comes to the server it validates the user and generates a secret key known as token and send it to user via HTTP.
   Generally, the token is sent in a JWT [jsonWebTokens] open standard that consist of a header, payload, signature.

3. VALIDATE TOKEN - When user receives the token secret code it saves on client's browser as it helps to verify identity whenever user makes a request. this token is short lived have a life span of 15-60min and this token is also known as access token code. If user unable to use access token code, then it will request for refresh token code which stays in system for 3-4 days.

4. RESPONSE - When the validation is done then token grants or restrict user to access specific content.

Example
Let's take an example, we'll implement token-based authentication using register and login methodology.

First, we will create functionality for Register module for a user:-

STEP1: - Register User
Register uses collects data from user to create account

// FIRSTLY, WE'LL SELECT THE REGISTER FORM
const form = document.querySelector(".register");

// ADDING EVENT LISTENER TO FORM TO COLLECT THE VALUES FROM USER
form.addEventListener("submit", (e) => {

  e.preventDefault();
  const username = e.target.username.value;
  const email = e.target.email.value;
  const password = e.target.password.value;

});

STEP2: - Encrypting the password

Before saving user's data to database, we first need to encrypt the password for security purpose then save it to database.

For encrypting the password, we use npm package bcrypt.

Firstly, we need to install the package by writing in terminal: -
npm install bcrypt

Now, we'll hash the password like this

// FIRSTLY, WE'LL SELECT THE REGISTER FORM
const form = document.querySelector(".register");

// ADDING EVENT LISTENER TO FORM TO COLLECT THE VALUES FROM USER
form.addEventListener("submit", (e) => {

  e.preventDefault();
  const username = e.target.username.value;
  const email = e.target.email.value;
  const password = e.target.password.value;

});

bcrypt.hash is a function which hashes the password with salt rounds. It generates different hashed key every time weather any of two users have same password.

Login functionality

When any user try to login, it retrieves hashed password from database and compare it with password given by user during login

//  IMPORTING BCRYPT MODULE
const bcrypt=require('bcrypt');


// ASSIGNING USERS PASSWORD 
const plainPassword=userPassword

// ENCRYPTING PASSWORD
// BASIC SYNTAX
// bcrypt.hash(plainTextPassword,salt_rounds)

const hashedPassword=bcrypt.hash(plainPassword,10);

if(!hashedPassword){
    throw new Error('Enable to generate password')
}

// NOW WE WILL SAVE USER DETAILS AND PASSWORD TO DATABASE
console.log('Hashed Password is : ',hashedPassword)

The above is the detailed content of Authentication System Using NodeJS. For more information, please follow other related articles on the PHP Chinese website!