Playing: 336: How To Build Your Own Auth
Aug 2nd, 2021
Hasty Treat - Git the Latest - New Things In Tech - CoPilot, Petite Vue, Stackblitz, Web3 + More!
Jul 21st, 2021
Potluck - Svelte × Bleeding-Edge Tech × Git Process × Screencasts × Government Jobs × Permissions-Based APIs × Rescript × More!
Jul 5th, 2021
Jun 28th, 2021
Jun 23rd, 2021
Potluck - Web components × Gear × Docker × Web Dev Frameworks × Golden Handcuffs × Browser Testing × SSR React × Code Prediction × More!
Jun 9th, 2021
Potluck - Immutability × Turning Off Your Brain × Types vs Interfaces × Hooks vs Components × Making the Most of Your First Job × Confidence in Svelte × More!
May 12th, 2021
Potluck — Freelancing × Leveraging your experience × Component size × Dealing with mediocrity × How to spend "extra time" × Rust vs Node × Free hosting? × More!
May 5th, 2021
Potluck — Is it worth it to still learn WordPress? × Is Safari the new IE11? × Mobile website testing × Pirated content × Styled components × SSGs × Transitioning to full-time freelance × More!
Apr 7th, 2021
Potluck — Video Hosting × Fake Names? × Portfolio Projects × Monorepos × APIs × TLDs × Recording Tips × More!
Mar 10th, 2021
Potluck — VSCode × Vercel vs Netlify × Models × Mutations × Multi-Vendor Platforms × Websites vs Web Apps × More!
Feb 17th, 2021
Potluck — Do titles matter? × Should clients pay for plugins? × Can I debug my baby? × How we prepare for Syntax × Deno × Learning things quickly × More!
Jan 20th, 2021
Potluck — $100k Dev Jobs × Sponsored Blog Posts × How To Keep Your Skills Up To Date × Libraries vs Custom × Dev Tools × More!
Jan 4th, 2021
Hasty Treat - Hyper Productivity with Keyboard Shortcuts + Window Management
Dec 23rd, 2020
Potluck — New Macs × Podcast Statistics × E-commerce Testing × WordPress × Charging More × Learning Web Dev × More!
Nov 25th, 2020
Potluck - Frameworks vs Libraries × Debugging × CSS Modules vs Styled Components × Resumes × Stress Management × More!
Oct 7th, 2020
Potluck - Is Angular good? × Stencil.js × Self XSS × SVGs in React × Social Platforms for Devs × Project Handoff × Cleaning Knives × More!
Sep 21st, 2020
Hasty Treat - Our First Bucks Made From Web Dev, Teaching, YouTube and Tutorials
Sep 9th, 2020
Tales from Webdev Past - Clearfix × Floats × Cufon × Guestbooks × PNG Fix × More!
Sep 2nd, 2020
Potluck - RIP Firefox? × Safari × Changing Careers × Regression Testing × Google Analytics Alternatives × Malicious Github Users? × Mac vs Windows × More!
Aug 26th, 2020
Potluck - MDX × Portfolio Projects × Code Commenting × CSS Properties × Reusable Components × More!
Aug 19th, 2020
Potluck - Subscriptions × ES Modules in Node × Chicken Thigh × Being a Good Dad × Refactoring × More!
Jul 27th, 2020
Hasty Treat - Target=_blank security issue? What's the deal with noopener and noreferrer?
Jul 22nd, 2020
Potluck - Beating Procrastination × Rollup vs Webpack × Leadership × Code Planning × Styled Components × More!
Jul 6th, 2020
Hasty Treat - Forms, Captchas, Honeypots, Dealing With Malicious Users and the Sad State of Contact Forms
Jun 24th, 2020
Potluck - Libraries vs Frameworks × Firefox × Career Advice For Teenagers × Who Would Win a Thumb War? × More!
Jun 17th, 2020
The Fundamentals Leftovers - Terminal, Shortcuts, View Source, Github + More!
May 27th, 2020
Potluck - Courses for Kids × Sub-Components × Recursion × DB Hosting × Frameworks × Data Structures & Algorithms × More!
Apr 29th, 2020
Potluck Part 2 - Magic GQLess × Are classes dead? × Custom Hooks × Staying Up To Date × CSS × More!
Apr 22nd, 2020
Potluck - Mobile First × Arrow Functions × Deno × JSON APIs × Refactoring Tips × More!
Apr 1st, 2020
Mental Health and Dev ft Dr. Courtney Tolinski - Depression, Anxiety, Imposter Syndrome, Focus, Motivation, Burnout
Mar 25th, 2020
Potluck - Bootcamps × Career Change × Figma × Gatsby × AMP × Mongoose × More!
Feb 26th, 2020
Potluck - Next vs Gatsby × Headless CMS × Vue.js × Is Ruby on Rails still good? × More!
Jan 29th, 2020
Potluck - Dev Culture Fit × Slack Communities × Vanilla JS × Backpacks × Raspberry Pi × More!
Jan 27th, 2020
Hasty Treat - Building A Community Slack, Discord, Spectrum, Discourse, Forums
Jan 20th, 2020
Hasty Treat - Picking the Stack for uses.tech - Gatsby, React, Context, Styled Components
Jan 1st, 2020
Potluck - Fonts × Frameworks × Teas × Coding Subscriptions × Client Work × More!
Dec 4th, 2019
Potluck - Tabs are better? × Coding Music × SEO × Is Angular good? × Biggie Smalls × Soy Sauce × More!
Nov 6th, 2019
Potluck - Gatsby vs Next × Is Google Home spying on you? × Flat File CMS × CSS Frameworks × Hosting Client Sites × More!
Oct 9th, 2019
Potluck - Terminal Configs × CSS Reset × Flexbox × Freelancing × NPM Dependencies × Project Hand-off × More!
Sep 18th, 2019
Potluck - Why Webpack? × Serverless × Agencies × Recruiters × CSS Grid × MQ in Styled Components
Aug 21st, 2019
Potluck - Deploying Applications × Typescript × Live Coding with Twitch × Fullstack Architecture × More!
Jul 31st, 2019
Potluck - What is "State"? × Web Sockets × Remote Working × Firefox × Machines Taking Our Jobs × More!
Jun 26th, 2019
Potluck - Career Switch at 33 × Cover Letters × Kids × Learning Quickly × More!
May 29th, 2019
Potluck - CSS × Angular × Dev job preparation × Svelte × File organization × Gear × More!
May 1st, 2019
Potluck - Media Queries × NPM Vulnerabilities × Fullstack JS vs JAMstack × Web VR/AR × Switching Jobs × More!
Apr 3rd, 2019
Potluck - Interview Qs × Headless CMS × React Hooks × Resume Design × Redux vs Context × More!
Mar 6th, 2019
Potluck - Are classes dead? × Tutorials vs Real Life × CRA vs Next × Scraping × More
Mar 4th, 2019
Hasty Treat - Authentication - LocalStorage vs Cookies vs Sessions vs Tokens
Feb 27th, 2019
How We Manage Our Lives — Notion, Todos, Notes, Focusing, Calendars, Goal tracking, and more!
Feb 6th, 2019
Potluck - Changing careers × Repo organization × CSS Grid × Certifications × Freelancing × Spammers × More
Jan 10th, 2019
Potluck - Where to start with JS × Freelancing × Cron jobs × Split testing × Frameworks in 2019 × More
Dec 19th, 2018
Potluck - Typescript × E-commerce platforms × Job-hopping × Working for agencies × more
Dec 17th, 2018
Hasty Treat - Where are they now?! Gulp, Grunt, Bower, Backbone and Compass
Nov 21st, 2018
Potluck - $100/hr × Redux Replacements × Full Stack Designers × JWT × VS Code Tips × More
Oct 26th, 2018
Potluck - Working with designers × Is WordPress Crap? × When to stop working × More
Aug 29th, 2018
Potluck - Programming Languages × Soft Skills × PHP vs JS × Breakdancing x Spice Blends
Aug 1st, 2018
Potluck - Editor Fonts × Portfolios × Meetup Tips × Switching to Windows × Freelancing Sources
Jul 24th, 2018
The Undocumented Web - scraping, private APIs, proxies and “alternative solutions”
Jul 18th, 2018
Advice For Beginners - Tech Skills, Applying for Jobs, Focus, Imposter Syndrome + More
Jul 4th, 2018
Potluck EP × Remote Work × Headless WordPress × Good Client Questions × Alternate Careers × React API Credentials
May 9th, 2018
Potluck EP × Is Redux Dead × Learning Quickly × Developing Solo × Specialist vs Generalist × Funnest Projects × Wes’ BBQ Course
Apr 18th, 2018
Potluck EP × Vue.js × Headless WP × Typescript & Flow × Productivity × Server Side Rendering × Yeoman
Feb 7th, 2018
Wes and Scott's Lives - Breakdancing, BBQ, Wives, Work/Life Balance, Problem Solving, YouTube Subscriptions
Jan 31st, 2018
Snack Pack — CSS Frameworks, React HOC, Render Props, Coding Designers, Early Career Advice and a sound board!
Jan 24th, 2018
Hosting & Servers — Heroku, Now, Galaxy, Digital Ocean, Linode, Docker, Netlify and more!
Nov 29th, 2017
What's New in CSS? Variables, Scoping, New Selectors and Color Functions
Nov 1st, 2017
22 Buzz Words Explained — Mutations, Pure Functions , Serverless, Hoisting, MVC + More
Oct 18th, 2017
Tasty Treats — Rems VS Ems, Remote Work, Making Money, Getting good at Design + more! 🍬
Mar 17th, 2021
How To Build Your Own Auth👇 Download Show✏️ Edit Show Notes
In this episode of Syntax, Scott and Wes talk about building your own authentication — diving deep into JWT, sessions, tokens, cookies, local storage, CSRF, and how it all works!
Prismic - Sponsor
Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax.
LogRocket - Sponsor
LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It's an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.
Hasura - Sponsor
With Hasura, you can get a fully managed, production-ready GraphQL API as a service to help you build modern apps faster. You can get started for free in 30 seconds, or if you want to try out the Standard tier for zero cost, use the code “TryHasura” at this link: hasura.info. We’ve also got an amazing selection of GraphQL tutorials at hasura.io/learn.
01:51 - Overview
- Level Up uses a JWT & secure cookie-based authentication and tracks sessions via a db table.
05:13 - JWT
- Base 64 encoded (not encrypted) token that contains data. We have both
- JWT has three parts:
- What kind of algo was used
- Data about the user
- refreshToken, authToken, sessionId
- This ensures that no one monkeyed with the above parts. If you change your email in the payload, the signature is not invalid, because in order to generate the signature, it uses the header and payload as part of it.
- A short lived JWT that containsthe
userIdand expires after 90min.
- A short lived JWT that containsthe
- A long lived JWT that contains just the
sessionTokenand doesn't expire.
- A long lived JWT that contains just the
- JWT can be decoded and read, but you have to encode them with your secret.
- JWT can be stored anywhere, there are two main places:
20:26 - Cookies
- We use httpOnly, secure cookies to store the accessToken and the refreshToken. The accessToken is a session cookie and is removed whenever the browser is closed. The refreshToken is valid for 100 days but is also re-created and revalidated for 100 more days each time the accessToken is generated.
- Note: Safari has stricter rules than others for same domain cookies (e.g.
34:26 - Sessions
- Sessions are when a user logs in on a device. If you open a phone and log in and a computer and log in, those will create two different sessions. A session contains information about the user's connection (like their IP) but it also contains the userId which allows us to create new accessTokens from a valid session.
- Sessions can be valid or invalid. This allows us to log anyone out by setting their session to valid: false.
- Sessions also have
sessionTokenwhich are generated on authentication or create account.
38:10 - CORS
- Can be super tricky to get working cross-domain
- You usually have to actually visit the website for the cookie to be set, even with lax cors
46:06 - CSRF
48:47 - Authentication process
52:13 - Helper Packages
××× SIIIIICK ××× PIIIICKS ×××
- Scott: Node Fundamentals Authentication - Sign up for the year and save 25%!
- Wes: Advanced React - Use the coupon code 'Syntax' for $10 off!