Learning Outcomes

Core Learning Outcomes

  • Understanding the difference between authentication and authorisation

  • Understand the OAuth authentication workflow:

    • How to get your client ID and client secret, and to set your redirect URI
    • How to use these bits of information to get the authorisation code
    • How to use your code to get your access token
    • How to use your access token to CRUD data using the API
  • Understanding OAuth permissions scopes

  • (Co-)Create a (Hapi) web server that implements the OAuth flow

  • Understand what user sessions are and how to manage them

  • Understand the best practices for storing passwords
  • Basic understanding of common attacks and mitigations against them

Bonus Learning Outcomes

  • Understand the differences between JWT-style user sessions and 'regular' cookie session management
  • Implement your third-party authentication workflow as a Hapi plugin
  • Use Hapi scopes to prevent unauthorised access to some resources
