Outline of ideas, concepts to cover, potential projects to write.
- Book with a video for each chapter.
- HTML, CSS, JavaScript
- Front end/client side (Browser)
- Back end/server side (Node)
- REST APIs
- HTTP codes
- Authorization (AuthZ)
- Authentication (AuthN)
- Cryptography
- Headers
- Sessions
- JSON Web Tokens (JWT)
- Identity Provider (IDP)
- Cross-origin resource sharing (CORS)
- Single sign on (SSO)
- Multi-factor authentication (MFA)
- Leaking sensitive data
- Storing unencrypted passwords
- Cross-site request forgery (CSRF/XSRF)
- Cross-site scripting (XSS)
- Cookies
- HTTP Only/Secure/SameSite
- Web Storage
- Local Storage
- Session Storage
- OAuth 2.0
- Client-side app
- Proof Key for Code Exchange (PKCE)
- Implicit grant
- Server-side app
- Authorization Code Flow (Authorization Code grant)
- Client-side app
- OpenID Connect (OIDC)
- System for Cross-domain Identity Management (SCIM)
- Role-based access control (RBAC)
- Create a full-stack application
- Simple front end
- Node/Express back end
- Implements sign up, log in, log out, reset password
- Login 1: Custom username/password login
- Login 2: OAuth 2.0/OIDC with Google/Twitter/GitHub as the SSO IDP (Google OIDC, Google OAuth 2.0)
- Ability to associate SSO to an existing user
- Different roles (admin, user, maybe one more)
- When to use different strategies (for example, PKCE in a client-side only app, session cookies for a BE+FE on the same subdomain, etc).
Awesome! Looking forward to read it (: good luck!!!
https://aaronparecki.com/oauth-2-simplified/
This article made me easier to understand oauth2