0 to Auth in an Hour Using NodeJS SDK

The workshop led by Asaf will focus on adding passwordless authentication to a standard Node application. It includes an overview of basic authentication concepts, the integration of an authentication layer into an existing application, and practical coding sessions.

Participants are expected to have a basic understanding of Node and the Express framework, a GitHub account, an IDE of choice, and Node version 18 or higher.

Passwordless authentication is a security approach that does not require users to enter a password. Instead, it uses alternative methods such as biometrics, magic links, or one-time passwords to verify user identity.

Session management can be handled through server-side sessions where the server stores session data and provides a session ID to the client, or through client-side tokens such as JSON Web Tokens (JWTs), which contain user credentials and are validated by the server with each request.

Asaf discusses three primary types of authentication factors: something you know (like a password), something you have (such as a mobile device), and something you are (like a fingerprint or facial recognition).

Participants will gain a better understanding of authentication workflows, learn to add authentication layers to Node applications, and handle both passwordless and traditional authentication methods.

Refresh tokens are used to maintain a user's authentication status without requiring them to log in multiple times. When an access token expires, a refresh token can be used to obtain a new access token, ensuring continuous authentication.

JWT, or JSON Web Token, is a compact, URL-safe means of representing claims to be transferred between two parties. In authentication, JWTs are used to securely transmit information about an authenticated party and are signed for integrity verification.

Dscope is an authentication platform designed to assist developers in implementing secure authentication methods seamlessly into their applications.