-
Learning about Oauth for work watching this - https://www.youtube.com/watch?v=CPbvxxslDTU
- OAuth never passes passwords around but instead authenticates users with
open id connect - OAuth is an authorisation framework and provides a mechanism to authenticate via a central authorisation server
- OAuth never passes passwords around but instead authenticates users with
-
Full workflow will look like the following:
-
-
Auth is authentication( who are you?) and authorisation (can you?).
-
Auth always happens server side (on a per request basis). never client side.
-
You client (e.g a React app) can only understand “who” the user is via server request where the server returns a cookie/token back to client.
-
cookies are usually best as we can use restrict javascript access to cookies
-
All subsequent requests to the sever will contain this cookie and the server can validate wether the client can or cannot access a resource.
-
-
Authorisation workflow usually need to be coupled with a db. Your
Userschema in the database could have aRolefeild with eitherUSERorADMIN. Access to resources subsequent could simply be done by checking this value first.