Authentication and Authorization Architecture in the MEAN Stack

5 Authentication AuthorizationArchitecturein Browser Applications

Yuri Takhteyev, rangle.iohttp://yto.io@qaramazov

Authenticate,Authorize

Protectingclients from:

outsiders

each other

themselves

Display and capture

Authentication

Business logic

Storage

Interaction logic

AuthorizationServer

Client

Display and capture

Authentication

Business logic

Storage

Interaction logic

Authorization

Business logic

Authentication

Authorization

Display and capture

Business logic

Storage

Interaction logic

Authorization

Business logic

Authentication

Authorization

Authorization :-(

Authorization :-)

Who am I?

Cookies vs tokens

Maintaining the state

Passport Local

Social / OAuth

Many Faces of Authorization

By role or activity

By resource instance

Altogether custom

Bottlenecks

Setting Up an API Route

var mapper = koast.makeMongoMapper(connection);

routes = [ ['get', 'robots', user.any, mapper.get('robots', []) ], ['put', 'robots/:robotNumber', user.any, mapper.put('robots', ['robotNumber']) ]];

Restricting Access by Object

mapper.queryDecorator = function(query, req, res) { query.owner = req.user.username;};

mapper.queryDecorator = function(query, req, res) { query.clientId = req.user.clientId;};

Post-Query Filtering

mapper.filter = function(result, req) { if (req.method === 'GET' { return canSee(data, req); } else { return canEdit(data, req); }};

Informing the Client

mapper.clientAuthorizer = function(result, req, res) { result.meta.can.edit = canEdit(result.data, req);};

The Client Side

angular.module('sampleKoastClientApp', ['koast'])

.controller('myCtrl', ['$scope', 'koast', '$log', function($scope, koast, $log) {

$scope.login = function(provider) { koast.user.initiateOauthAuthentication( provider); };

The Client Side

koast.user.getStatusPromise() .then(function() { if (koast.user.isAuthenticated) { return koast.getResource('robots') .then(function(robots) { $scope.robots = robots; }); } }) .then(null, $log.error);}]);

The Template

Thank You.Contact: yuri@rangle.io http://yto.io @qaramazov

This presentation: http://yto.io/auth

Koast: http://yto.io/koast

Image Credits

by yewenyi

by striatic

by bible-history

by dunechaser

by nikhilverma

Distributed underCreative Commons AttributionShare-Alike License, v. 2.0

by psd

Authentication and Authorization Architecture in the MEAN Stack

querydecorator

io http

mapper

function

http

query

query

robots

Internet

AAI - Authentication and Authorization Infrastructure...

Visual Authentication - A Secure Single Step Authentication....

12. ASP.net Authentication and Authorization

Configuring Local Authentication and...

Web API authentication and authorization

Kernel Authentication & Authorization for J2EE …...

Authentication and Authorization for Constrained...

Forms Authentication, Authorization, User Accounts, and...

Authentication - University of Southern...

Authentication, Authorization, Accounting Breakout Session

Authentication, Authorization, and Audit Design Pattern...

Client authentication and authorization

Forms Authentication, Authorization, User Accounts, and...

Forms Authentication, Authorization, User Accounts, and .......

Grid Security : Authentication and Authorization

Authentication Authorization and Accounting Configuration...