You have completed User Authentication With Express and Mongo!
There's even more to explore in the realm of authentication, too much to cover in a single course. However, in this video I'll highlight some different options you could use to add authentication to your apps.
Authentication Resources
- Let's Encrypt
- Let's Encrypt Express Middleware - Note: this has been renamed Greenlock-express.js
- Let's Encrypt Getting Started
- OAuth
- JSON Web Tokens
- Passport
Congratulations on creating
an authentication system in Node.js
0:00
using Express and MongoDB.
0:04
Now I've covered a lot of concepts and
we've written a lot of code.
0:07
There's even more to explore in
the realm of authentication.
0:10
Too much to cover in a single course.
0:14
However, in this video, I'll highlight some
different options you could use to add
0:16
authentication to your apps.
0:19
There are a collection of links
in the teacher's notes for
0:21
you to reference after this video.
0:24
First, I want to make note of how we can
improve the security of our application.
0:27
When a user is logging in,
you don't want their username and
0:31
password transferred freely from
their browser to your server.
0:35
Someone along the way can intercept
the traffic and get those credentials.
0:39
The same is true when a user signs up,
disclosing personal or
0:43
financial information.
0:46
On any site that uses authentication,
you should serve your site via HTTPS.
0:48
The S on the end stands for secure because
it uses TLS, or transport layer security.
0:54
This means that the data being
transferred is encrypted.
1:02
Which prevents our users' information
from being intercepted and deciphered.
1:05
In fact, these days many sites
use HTTPS for all requests and
1:10
responses, not just for form data.
1:15
To use HTTPS you'll need to acquire a
certificate signed by a trusted source to
1:18
verify the security of the website.
1:23
You can get a certificate for
free from Let's Encrypt.
1:26
Check the teacher's notes for
a link to their website.
1:29
It requires some set up on your
server to use your free certificate.
1:32
They explain how on their website.
1:35
In addition, there are other ways to add
authentication to an Express site.
1:38
The cookies and sessions method
we created is just one way, but
1:42
there are many others.
1:46
For example,
1:47
you can add authentication to a site using
what's called token based authentication.
1:48
When a user submits their credentials
to log into the website,
1:53
the server responds with a token that
allows a user to request various resources
1:56
without submitting their username and
password again.
2:02
That token can then be offered to
the server with each subsequent request
2:05
to allow the user to gain
access to a specific resource.
2:10
If you've ever signed in to a site
using your GitHub, Facebook or
2:14
Google account,
you've used token-based authentication.
2:17
It's another way of gaining
the functionality we achieved with
2:21
sessions and cookies.
2:24
Instead of using a session ID to
look in the session object for
2:25
our user's information, we can access it
from a token generated by the server.
2:29
Two popular approaches to token-based
authorization are OAuth and
2:34
JSON web tokens.
2:38
You can find more information
about each in the teacher's notes.
2:40
Finally, another popular option for
2:44
adding authentication to
an Express app is Passport.
2:46
Passport is middleware that supports a
wide variety of authentication strategies.
2:50
You can include
the passport middleware and
2:55
authenticate with a username and password.
2:57
Passport also lets users sign up and log
in using third party sites like GitHub,
3:00
Twitter, Facebook, Google, and
Instagram among many others.
3:05
After you install the passport package and
require it in app.js, you can then
3:09
use the middleware to authenticate
with the strategy of your choice.
3:14
There are many options available for
3:18
customizing an authentication
strategy with Passport.
3:20
And you can see how to implement
Passport via their documentation.
3:23
Check the teacher's notes for
more information on it and
3:27
a link to a Treehouse workshop.
3:29
Now you know more about authentication,
sessions, cookies, encryption, and
3:32
how to use Express middleware.
3:36
Thanks for joining me in this course.
3:38
Have fun and keep programming.
3:40