Summary
Keywords
Full Transcript
Web Dev Roadmap for Beginners (Free!): https://bit.ly/DaveGrayWebDevRoadmap Learn how to authorize user roles and permissions in this Node.js & Express authorization tutorial. We'll start by learning the difference between authentication and authorization. Then we'll build middleware for our REST API that authorizes specific roles for data endpoint access. 🚩 Subscribe ➜ https://bit.ly/3nGHmNn 🚀 This tutorial is part of a Node.js & Express for Beginners tutorial series playlist: https://www.youtube.com/playlist?list=PL0Zuz27SZ-6PFkIxaJ6Xx_X46avTM1aYw 🔗 Starter Source Code: https://github.com/gitdagray/express_jwt 🔗 Completed Source Code: https://github.com/gitdagray/express_user_roles How to Authorize User Roles and Permissions | Node.js & Express Authorization Tutorial (00:00) Intro (00:05) Welcome (00:15) Authentication vs Authorization (01:44) Configure the User Roles (02:53) Add roles to the user data model (04:59) Add a user role at registration (06:01) Add user roles to access token at authentication (09:09) Add user roles to access token when refreshed (10:28) Update the verifyJWT middleware to include roles (13:18) Create the verifyRoles middleware (19:19) Add the verifyRoles middleware to routes (22:04) Test routes with Thunder Client (27:14) A quick note on Thunder Client 📚 JWT References: Intro to JSON Web Tokens: https://jwt.io/introduction All You Need to Know About Storing JWT in the Frontend: https://dev.to/cotter/localstorage-vs-cookies-all-you-need-to-know-about-storing-jwt-tokens-securely-in-the-front-end-15id NPM jsonwebtoken package: https://www.npmjs.com/package/jsonwebtoken NPM cookie-parser package: https://www.npmjs.com/package/cookie-parser Deleting Cookies: http://expressjs.com/en/api.html#res.clearCookie Cross-Site Scripting (XSS): https://owasp.org/www-community/attacks/xss/ Cross-Site Request Forgery (CSRF): https://owasp.org/www-community/attacks/csrf REST Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html 📚 Login References: Bcrypt: https://www.npmjs.com/package/bcrypt How to Safely Store a Password: https://codahale.com/how-to-safely-store-a-password/ MDN: HTTP Response Status Codes: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status 📚 More References: Node.js Official site: https://nodejs.org NPM Official site: https://www.npmjs.com/ Express JS Official site: https://expressjs.com/ MDN CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS NPM CORS: https://www.npmjs.com/package/cors ✅ Follow Me: Twitter: https://twitter.com/yesdavidgray LinkedIn: https://www.linkedin.com/in/davidagray/ Blog: https://yesdavidgray.com Reddit: https://www.reddit.com/user/DaveOnEleven Was this tutorial about how to authorize user roles and permissions with Node.js and Express JS helpful? If so, please share. Let me know your thoughts in the comments. #user #roles #authorization
