0 to Auth in an Hour Using NodeJS SDK


Passwordless authentication may seem complex, but it is simple to add it to any app using the right tool.


We will enhance a full-stack JS application (Node.JS backend + React frontend) to authenticate users with OAuth (social login) and One Time Passwords (email), including:

- User authentication - Managing user interactions, returning session / refresh JWTs

- Session management and validation - Storing the session for subsequent client requests, validating / refreshing sessions


At the end of the workshop, we will also touch on another approach to code authentication using frontend Descope Flows (drag-and-drop workflows), while keeping only session validation in the backend. With this, we will also show how easy it is to enable biometrics and other passwordless authentication methods.


Table of contents

- A quick intro to core authentication concepts

- Coding

- Why passwordless matters


Prerequisites

- IDE of your choice

- Node 18 or higher

This workshop was presented at Node Congress 2023.

FAQ

Descope is an authentication platform designed to assist developers in implementing secure authentication methods seamlessly into their applications.

The workshop led by Asaf will focus on adding passwordless authentication to a standard Node application. It includes an overview of basic authentication concepts, the integration of an authentication layer into an existing application, and practical coding sessions.

Participants are expected to have a basic understanding of Node and the Express framework, a GitHub account, an IDE of choice, and Node version 18 or higher.

Passwordless authentication is a security approach that does not require users to enter a password. Instead, it uses alternative methods such as biometrics, magic links, or one-time passwords to verify user identity.

Session management can be handled through server-side sessions where the server stores session data and provides a session ID to the client, or through client-side tokens such as JSON Web Tokens (JWTs), which contain user credentials and are validated by the server with each request.

Asaf discusses three primary types of authentication factors: something you know (like a password), something you have (such as a mobile device), and something you are (like a fingerprint or facial recognition).

JWT, or JSON Web Token, is a compact, URL-safe means of representing claims to be transferred between two parties. In authentication, JWTs are used to securely transmit information about an authenticated party and are signed for integrity verification.

Refresh tokens are used to maintain a user's authentication status without requiring them to log in multiple times. When an access token expires, a refresh token can be used to obtain a new access token, ensuring continuous authentication.

Participants will gain a better understanding of authentication workflows, learn to add authentication layers to Node applications, and handle both passwordless and traditional authentication methods.
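The session and refresh JWT handling described in the answers above can be sketched with Node's built-in `crypto` module. This is an added example, not code from the workshop or from the Descope SDK; the key pair, the `use` claim, the token lifetimes and all function names are assumptions made for illustration.

```javascript
// Added example: session/refresh JWT handling with Node's built-in crypto only.
// The key pair, the "use" claim, lifetimes and function names are assumptions.
const crypto = require('node:crypto');

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64u = (value) => Buffer.from(value).toString('base64url');
const SESSION_TTL = 10 * 60;            // seconds (assumed short-lived session)
const REFRESH_TTL = 28 * 24 * 60 * 60;  // seconds (assumed long-lived refresh)

// Issuer side: sign the claims as an RS256 JWT with the private key.
function signJwt(claims, ttl, now) {
  const header = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttl }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${sig.toString('base64url')}`;
}

// Backend side: validation needs only the public key.
function verifyJwt(token, expectedUse, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; never let the token's own header choose it.
  if (header?.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('sha256', signed, publicKey, sig)) return { ok: false, reason: 'bad-signature' };
  // Claims are trusted only after the signature check has passed.
  if (typeof claims?.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  if (claims.use !== expectedUse) return { ok: false, reason: 'wrong-token-type' };
  return { ok: true, claims };
}

// After a successful login, hand out both tokens.
function login(userId, now) {
  return {
    session: signJwt({ sub: userId, use: 'session' }, SESSION_TTL, now),
    refresh: signJwt({ sub: userId, use: 'refresh' }, REFRESH_TTL, now),
  };
}

// Per request: accept a valid session token. Only when it is merely expired,
// fall back to the refresh token and mint a new session token.
function authenticate(tokens, now) {
  const session = verifyJwt(tokens.session, 'session', now);
  if (session.ok) return { user: session.claims.sub, refreshed: false };
  if (session.reason !== 'expired') return { error: session.reason };
  const refresh = verifyJwt(tokens.refresh, 'refresh', now);
  if (!refresh.ok) return { error: `refresh-${refresh.reason}` };
  const user = refresh.claims.sub;
  return { user, refreshed: true, session: signJwt({ sub: user, use: 'session' }, SESSION_TTL, now) };
}
```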

Asaf Shen
63 min
10 Apr, 2023


Video Summary and Transcription

This Workshop focuses on adding passwordless authentication to a node application, covering basic authentication concepts and the importance of authentication for application security. It explores session management using server-side sessions and client-side tokens like JWTs. The Workshop demonstrates the implementation of various authentication methods, including one-time password and OAuth. It also discusses the validation and refreshing of session tokens, as well as the customization of authentication methods and the storage of public keys for multiple instances.

1. Introduction to Authentication Workshop

Short description:

In this workshop, we will be adding passwordless authentication to a standard node application. We will cover basic authentication concepts, the importance of authentication for application security, and how to incorporate authentication into a node application. By the end of the workshop, you will have a better understanding of the authentication workflow and be able to add authentication to your own applications.

Let me start by introducing myself. My name is Asaf. I'm a software engineer at Descope. Descope is an authentication platform that helps all developers facilitate authentication in a secure manner.

In the next workshop, we are going to add passwordless authentication to a standard Node application. We are going to start with an overview of some basic authentication concepts and basically go over the flows that we are going to add. This is the background and knowledge that we need to acquire in order to incorporate the authentication properly. This will probably take about 15 minutes, and in the rest of the time, we are going to take an existing application and add the authentication layer to it.

You may ask what's in it for you in this workshop. I believe that by the end of the workshop, you will have a better understanding of the authentication workflow. This is something that may seem a bit intimidating at the start, but I think it's quite simple if you go over it well. And maybe more importantly, I think you will be able to take a standard application and add authentication on top of it. If you have any Node application, you can take it and add authentication in a few steps.

Like I said before, we start with the core concepts and afterwards we are going to do the coding, and I'll give more information about that later. Hello to the person who wrote in the chat. I'm very excited as well. I'm going to assume that you have a basic understanding of Node and the Express framework. The application is written in TypeScript. So, probably if you also know JavaScript, I think it's enough. We don't heavily use TypeScript, but the Node application will be written in TypeScript. Also, just to prepare for the coding session, if you want to do it on your own, you should have a GitHub account, any IDE that you choose to code on, and Node version 18 or higher. So, this is up to you, but of course, I'm going to do it here, so this is optional, of course.

Let's start with covering the very basic concept. So, what is authentication? The way I see it, the authentication process is basically verifying someone's identity. The internet is a very distributed place, so if someone on another machine says that they are someone, whether it's a user or a system or a device, they basically have to prove it before they access the application, a specific resource on the application, or the system. This is a very, very essential aspect of application security. We use the authentication layer basically to protect our system from unauthorized access. And this is something that is super important in the digital age. There are so many data breaches and identity thefts in the world. Doing proper authentication is crucial for your application security.

2. Authentication Importance and Factors

Short description:

We will discuss the importance of investing in secure applications and the different authentication factors, such as something you know, something you have, and something you are. Additionally, we will explore new factors like geographic and behavioral factors. After verifying the proof and identity, the application grants the user access through a session or token.

And we hear more and more about incidents of unauthorized access. And if we want to write a secure application, we should invest in it. Just as a side note, we have a really good learning center with a lot of graphical assets there. I sometimes go back there and refresh my memory. And there is a link in the presentation which is also going to be shown.

So what are we going to build? This is more related to the flows that we want to add. If we break down the steps of authentication, we can basically break it down into two major steps. The first step is when the user wants to access the resource or the application for the first time, they should authenticate. So usually it starts with a user who wants to access the resource. He submits some kind of request to access. The user usually provides their identity. This can basically be an email, a username, a mobile number, a social security ID or whatever. This is very application specific. And a proof is basically something with which you prove who you are.

There are a few kinds of authentication proof that are usually called factors. An authentication factor is basically based on something you know, for example, a password or maybe a security question. By the way, a quick tip on security questions: usually, if you care about security, don't answer with the real information, because usually it is very simple to get this information, like your pet's name, etc. Another authentication factor is something you have; a very common example for this is a mobile device. So if I send you an SMS with a code, and then you give back the code to me, I can say this is basically proof that you have a mobile device. And also something you are, or something you inherit. This is a relatively new factor of biometric information, either with a fingerprint or face recognition. I also heard about solutions that scan the eye's retina and stuff like this. Does anyone have an idea or has anyone heard about more authentication factors other than the three that we mentioned? Something you know, something you have, something you are?

So, just to share from our experience, there are somewhat new factors, such as a geographic factor. So basically, if you log in from a certain geographic location, this is something that usually makes you either suspicious or not suspicious. You may have heard about the impossible traveler scenario, when the same user accesses the same application from two locations, and basically a person cannot change location in that amount of time. And another one is the behavioral factor. Basically, if you behave in a way that does not suit you, like you access resources that you are not used to accessing, or the rate, this is another factor. So basically, after the application gets the proof and the identity, it verifies them, basically checks that they match. And then the application grants the user access. This access is usually granted in the form of a session or a token.
