5 Authentication Authorization Architecture in Browser Applications Yuri Takhteyev, rangle.io http://yto.io @qaramazov +
Authentication and Authorization Architecture in the MEAN Stack
Aug 23, 2014
with Yuri Takhteyev
Yuri will discuss the challenges of authentication and authorization in the MEAN stack. Topics include architecture, best practices for determining client and server responsibilities, and the importance of sharing authorization context with the client logic in order to build an effective user experience. Angular and Node code samples will be used to illustrate.
Presented live at FITC's Spotlight: MEAN Stack event held on March 28th, 2014
More info at FITC.ca
Yuri will discuss the challenges of authentication and authorization in the MEAN stack. Topics include architecture, best practices for determining client and server responsibilities, and the importance of sharing authorization context with the client logic in order to build an effective user experience. Angular and Node code samples will be used to illustrate.
Presented live at FITC's Spotlight: MEAN Stack event held on March 28th, 2014
More info at FITC.ca
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
5 Authentication AuthorizationArchitecturein Browser Applications
Yuri Takhteyev, rangle.iohttp://yto.io@qaramazov
+
Authenticate,Authorize
Protectingclients from:
outsiders
each other
themselves
Display and capture
Authentication
Business logic
Storage
Interaction logic
Interaction logic
AuthorizationServer
Client
Display and capture
Authentication
Business logic
Storage
Interaction logic
Authorization
Business logic
Authentication
Authorization
Authorization
Display and capture
Business logic
Storage
Interaction logic
Authorization
Business logic
Authentication
Authorization
Authorization :-(
Authorization :-)
Who am I?
Cookies vs tokens
Maintaining the state
Passport Local
Social / OAuth
Many Faces of Authorization
By role or activity
By resource instance
Altogether custom
Bottlenecks
Setting Up an API Route
var mapper = koast.makeMongoMapper(connection);
routes = [ ['get', 'robots', user.any, mapper.get('robots', []) ], ['put', 'robots/:robotNumber', user.any, mapper.put('robots', ['robotNumber']) ]];
Restricting Access by Object
mapper.queryDecorator = function(query, req, res) { query.owner = req.user.username;};
mapper.queryDecorator = function(query, req, res) { query.clientId = req.user.clientId;};
Post-Query Filtering
mapper.filter = function(result, req) { if (req.method === 'GET' { return canSee(data, req); } else { return canEdit(data, req); }};
Informing the Client
mapper.clientAuthorizer = function(result, req, res) { result.meta.can.edit = canEdit(result.data, req);};
The Client Side
angular.module('sampleKoastClientApp', ['koast'])
.controller('myCtrl', ['$scope', 'koast', '$log', function($scope, koast, $log) {
$scope.login = function(provider) { koast.user.initiateOauthAuthentication( provider); };
...
The Client Side
...
koast.user.getStatusPromise() .then(function() { if (koast.user.isAuthenticated) { return koast.getResource('robots') .then(function(robots) { $scope.robots = robots; }); } }) .then(null, $log.error);}]);
The Template
<span ng-if="robot.can.edit"> <button>...</button></span>
Thank You.Contact: [email protected] http://yto.io @qaramazov
This presentation: http://yto.io/auth
Koast: http://yto.io/koast
Image Credits
by yewenyi
by striatic
by bible-history
by dunechaser
by nikhilverma
Distributed underCreative Commons AttributionShare-Alike License, v. 2.0
by psd
Related Documents
