/poc-authentication

A proof of concept for OAuth 2.0

Primary Language: JavaScript

Authentication - Proof of Concept


Install dependencies

Run $ yarn install in the root folder. The project uses yarn workspaces, so one install resolves the dependencies of every package.

Establish Database connection

  • Login to MongoDB Atlas
  • Give access to your current IP address
  • Acquire Database Connection String
  • Set DB_CONNECTION_STRING in the .env files (the string carries database credentials, so keep .env out of version control)

Server Package

It is a web server that serves web pages and also exposes an API.

Dependencies/building blocks

  • The web server is built on top of NodeJS using the ExpressJS framework.
  • All request bodies are accepted in JSON format with the help of Express's built-in JSON middleware.
  • Routing is done with Express's built-in Router.
  • Ids in the system are generated as UUID v4 with the uuid npm package.
  • Passwords are hashed and compared using the bcrypt library, so only a salted hash is stored and the comparison happens inside bcrypt rather than on raw strings.
  • access_token is a JSON Web Token as defined by RFC 7519, created with the jsonwebtoken library. The signing secret (AUTH_TOKEN_SECRET) must be supplied as an environment variable; use a long random value and never commit it, since anyone who knows the secret can mint valid access tokens.
  • Database connection happens via the mongodb node driver. The database connection string (DB_CONNECTION_STRING) must be supplied as an environment variable.
  • Environment variables are loaded via the dotenv npm package.

API Docs

User Registration

POST /api/auth/register HTTP/1.1
Content-Type: application/json
Request Body:
  {
    [required] email: string,
    [required] password: string,
  }

Response Status Codes
  400 - Invalid Request
  409 - Email address already exists
  422 - Body validation error
  500 - Internal Server Error
  201 - Registration Successful

400, 409, 500 Response Body:
  {
    message: string,
  }

422 Response Body:
  {
    hasError: boolean,
    emailError: string | "",
    passwordError: string | "",
  }

201 Response Body:
  {
    email: string,
    username: string,
  }

User Login

POST /api/auth/login HTTP/1.1
Content-Type: application/json
Request Body:
  {
    [required] email: string,
    [required] password: string,
  }

Response Status Codes
  400 - Invalid Request
  422 - Body validation error
  500 - Internal Server Error
  200 - Login request processed (the body states whether the credentials were accepted)

400, 500 Response Body:
  {
    message: string,
  }

422 Response Body:
  {
    hasError: boolean,
    emailError: string | "",
    passwordError: string | "",
  }

200 Response Body:
  in case the login fails (email or password is incorrect; the same body is returned in both cases so the endpoint does not reveal which emails are registered)
  {
    hasError: boolean,
    errorMessage: string,
  }
  in case the login has been successful
  {
    access_token: JWT,
    refresh_token: string,
  }

Token refresh

POST /api/auth/refresh HTTP/1.1
Content-Type: application/json
Request Body:
  {
    [required] refresh_token: string,
  }

Response Status Codes
  400 - Invalid Request
  401 - Access Denied (refresh token incorrect, has already been used, has expired)
  500 - Internal Server Error
  200 - Token refresh successful (the presented refresh token is invalidated and a new pair is returned)

400, 401, 500 Response Body:
  {
    message: string,
  }

200 Response Body:
  {
    access_token: JWT,
    refresh_token: string,
  }

Client Package

Utils Package

It is a command line interface that can execute a few database operations:

  • help - list all the available operations
  • count users - will return the number of users in the database
  • delete e2e test users - delete all users that start with e2e-test

It uses the NodeJS readline library for user input and connects to the MongoDB instance via the MongoDB Node Driver.

Prerequisites

  • Dependencies must be installed
  • DB_CONNECTION_STRING has to be defined as an environment variable

Run package

  • $ yarn workspace @auth/utils start in order to start Utils CLI
  • $ yarn workspace @auth/utils dev in order to start the development environment

Server package

The project architecture follows the traditional client/server/database approach, so the server is responsible for exposing an API via ExpressJS.