Chapter 5: Authentication

Basic Authentication: flow
19:53

  1. Login: the user sends a POST request with their login and password
  2. Verification: the credentials are checked to see if they belong to a user
  3. Session ID: the server gives the client a unique session id and stores it to recognise the user
  4. The client presents the cookie with the session id for subsequent requests

We shall focus on Step 2.

Storing passwords and verification
19:53

Passwords should not be stored as plain text in case the database gets compromised.

Hash function

Definition

Hash function
Function that transforms a string into a fixed-size string of bytes. It should be deterministic, non-invertible, be subject to the avalanche effect, and be resistent to collision and pre-image.
Salt
Value that is added to the password before hashing

Bcrypt
19:53

Question

Best practice dictates that a salt be generated randomly each time. Why?

Hash a password

Check a password

Session ID
19:53

After a successful authentication, we need to create a cookie.

Question

How could we do that?

OAuth
19:53

OAuth

With Next.js
19:53

https://nextjs.org/docs/app/building-your-application/authentication