Web Dev Roadmap for Beginners (Free!): https://bit.ly/DaveGrayWebDevRoadmap
Learn how to authorize user roles and permissions in this Node.js & Express authorization tutorial. We'll start by learning the difference between authentication and authorization. Then we'll build middleware for our REST API that authorizes specific roles for data endpoint access.
Subscribe https://bit.ly/3nGHmNn
This tutorial is part of a Node.js & Express for Beginners tutorial series playlist:
https://www.youtube.com/playlist?list=PL0Zuz27SZ-6PFkIxaJ6Xx_X46avTM1aYw
Starter Source Code: https://github.com/gitdagray/express_jwt
Completed Source Code: https://github.com/gitdagray/express_user_roles
How to Authorize User Roles and Permissions | Node.js & Express Authorization Tutorial
(00:00) Intro
(00:05) Welcome
(00:15) Authentication vs Authorization
(01:44) Configure the User Roles
(02:53) Add roles to the user data model
(04:59) Add a user role at registration
(06:01) Add user roles to access token at authentication
(09:09) Add user roles to access token when refreshed
(10:28) Update the verifyJWT middleware to include roles
(13:18) Create the verifyRoles middleware
(19:19) Add the verifyRoles middleware to routes
(22:04) Test routes with Thunder Client
(27:14) A quick note on Thunder Client
JWT References:
Intro to JSON Web Tokens: https://jwt.io/introduction
All You Need to Know About Storing JWT in the Frontend: https://dev.to/cotter/localstorage-vs-cookies-all-you-need-to-know-about-storing-jwt-tokens-securely-in-the-front-end-15id
NPM jsonwebtoken package: https://www.npmjs.com/package/jsonwebtoken
NPM cookie-parser package: https://www.npmjs.com/package/cookie-parser
Deleting Cookies: http://expressjs.com/en/api.html#res.clearCookie
Cross-Site Scripting (XSS): https://owasp.org/www-community/attacks/xss/
Cross-Site Request Forgery (CSRF): https://owasp.org/www-community/attacks/csrf
REST Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
Login References:
Bcrypt: https://www.npmjs.com/package/bcrypt
How to Safely Store a Password: https://codahale.com/how-to-safely-store-a-password/
MDN: HTTP Response Status Codes: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
More References:
Node.js Official site: https://nodejs.org
NPM Official site: https://www.npmjs.com/
Express JS Official site: https://expressjs.com/
MDN CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
NPM CORS: https://www.npmjs.com/package/cors
Follow Me:
Twitter: https://twitter.com/yesdavidgray
LinkedIn: https://www.linkedin.com/in/davidagray/
Blog: https://yesdavidgray.com
Reddit: https://www.reddit.com/user/DaveOnEleven
Was this tutorial about how to authorize user roles and permissions with Node.js and Express JS helpful? If so, please share. Let me know your thoughts in the comments.
#user #roles #authorization