Learning Outcomes
Core Learning Outcomes
Understand the difference between authentication and authorisation
Understand the OAuth authentication workflow:
- How to get your client ID and client secret, and how to set your redirect URI
- How to use these bits of information to get the authorisation code
- How to use your authorisation code to get your access token
- How to use your access token to CRUD data using the API
Understand OAuth permission scopes
(Co-)Create a (Hapi) web server that implements the OAuth flow
Understand what a user session is and how to manage user sessions
- Understand the best practices for storing passwords
- Have a basic understanding of common attacks and the mitigations against them
Bonus Learning Outcomes
- Understand the differences between JWT-style user sessions and 'regular' cookie session management
- Implement your third-party authentication workflow as a Hapi plugin
- Use Hapi scopes to prevent unauthorised access to some resources