Web Dev Roadmap for Beginners (Free!): https://bit.ly/DaveGrayWebDevRoadmap

Learn how to authorize user roles and permissions in this Node.js & Express authorization tutorial. We'll start by learning the difference between authentication and authorization. Then we'll build middleware for our REST API that authorizes specific roles for data endpoint access.

Subscribe https://bit.ly/3nGHmNn

This tutorial is part of a Node.js & Express for Beginners tutorial series playlist:
https://www.youtube.com/playlist?list=PL0Zuz27SZ-6PFkIxaJ6Xx_X46avTM1aYw

Starter Source Code: https://github.com/gitdagray/express_jwt

Completed Source Code: https://github.com/gitdagray/express_user_roles

How to Authorize User Roles and Permissions | Node.js & Express Authorization Tutorial

(00:00) Intro
(00:05) Welcome
(00:15) Authentication vs Authorization
(01:44) Configure the User Roles
(02:53) Add roles to the user data model
(04:59) Add a user role at registration
(06:01) Add user roles to access token at authentication
(09:09) Add user roles to access token when refreshed
(10:28) Update the verifyJWT middleware to include roles
(13:18) Create the verifyRoles middleware
(19:19) Add the verifyRoles middleware to routes
(22:04) Test routes with Thunder Client
(27:14) A quick note on Thunder Client
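The verifyRoles middleware built in the chapters above (13:18 and 19:19), written out as an added example that is not the tutorial's own code. It assumes an upstream verifyJWT middleware has already verified the access token and placed its role list on `req.roles`; the role codes and the `runMiddleware` harness are constructed for this example so it runs without a server.

```javascript
// Added example (not the tutorial's code): an Express-style verifyRoles
// middleware factory. It assumes an upstream verifyJWT middleware has already
// verified the access token and copied its role claim onto req.roles.
// Role codes are constructed placeholders, not values from the tutorial.
const ROLES_LIST = { Admin: 3, Editor: 2, User: 1 };

// verifyRoles(...allowedRoles) returns middleware that lets the request
// through only when at least one of the caller's roles is in the allowed list.
function verifyRoles(...allowedRoles) {
  if (allowedRoles.length === 0) {
    // A route with no allowed roles would silently deny everyone; fail loudly.
    throw new Error('verifyRoles requires at least one allowed role');
  }
  const allowed = new Set(allowedRoles);
  return (req, res, next) => {
    // Roles come only from the verified token (req.roles), never from the
    // request body or query string. No role list at all: deny by default.
    if (!req || !Array.isArray(req.roles)) return res.sendStatus(401);
    const permitted = req.roles.some((role) => allowed.has(role));
    // Authenticated but not permitted for this route: 403 Forbidden.
    if (!permitted) return res.sendStatus(403);
    return next();
  };
}

// Minimal stand-in for an Express req/res pair so the middleware can be
// exercised in isolation (constructed for this example, not Express itself).
function runMiddleware(middleware, roles) {
  const result = { status: null, nextCalled: false };
  const req = roles === undefined ? {} : { roles };
  const res = { sendStatus(code) { result.status = code; return this; } };
  middleware(req, res, () => { result.nextCalled = true; });
  return result;
}

// Typical route wiring in Express (left as a comment so this file runs
// without the express package installed):
// router.route('/')
//   .get(verifyRoles(ROLES_LIST.Admin, ROLES_LIST.Editor, ROLES_LIST.User), getAll)
//   .post(verifyRoles(ROLES_LIST.Admin, ROLES_LIST.Editor), create)
//   .delete(verifyRoles(ROLES_LIST.Admin), remove);
```

Because the middleware reads roles only from the token that verifyJWT validated, a client cannot escalate by sending a roles field in the request body.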

JWT References:
Intro to JSON Web Tokens: https://jwt.io/introduction
All You Need to Know About Storing JWT in the Frontend: https://dev.to/cotter/localstorage-vs-cookies-all-you-need-to-know-about-storing-jwt-tokens-securely-in-the-front-end-15id
NPM jsonwebtoken package: https://www.npmjs.com/package/jsonwebtoken
NPM cookie-parser package: https://www.npmjs.com/package/cookie-parser
Deleting Cookies: http://expressjs.com/en/api.html#res.clearCookie
Cross-Site Scripting (XSS): https://owasp.org/www-community/attacks/xss/
Cross-Site Request Forgery (CSRF): https://owasp.org/www-community/attacks/csrf
REST Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html

Login References:
Bcrypt: https://www.npmjs.com/package/bcrypt
How to Safely Store a Password: https://codahale.com/how-to-safely-store-a-password/
MDN: HTTP Response Status Codes: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

More References:
Node.js Official site: https://nodejs.org
NPM Official site: https://www.npmjs.com/
Express JS Official site: https://expressjs.com/
MDN CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
NPM CORS: https://www.npmjs.com/package/cors

Follow Me:
Twitter: https://twitter.com/yesdavidgray
LinkedIn: https://www.linkedin.com/in/davidagray/
Blog: https://yesdavidgray.com
Reddit: https://www.reddit.com/user/DaveOnEleven

Was this tutorial about how to authorize user roles and permissions with Node.js and Express JS helpful? If so, please share. Let me know your thoughts in the comments.

#user #roles #authorization