-
Book Overview & Buying
-
Table Of Contents
Full-Stack React, TypeScript, and Node - Second Edition
By :
In this chapter, we added authentication and authorization to the open API we had at the start.
The chapter began with the distinction between authentication (verifying identity) and authorization (checking permissions), mapping these concepts to the 401 and 403 status codes from Chapter 8. JSON Web Tokens provided the mechanism, a three-part structure of header, payload, and signature, with short-lived access tokens paired with long-lived refresh tokens. The jose library handles token creation and verification in our ESM project.
Password security relied on Argon2, the OWASP-recommended hashing algorithm that is memory-hard and resistant to GPU attacks. Zod schemas gave us both runtime validation and compile-time TypeScript types from a single definition. Zero Knowledge Proofs and the OPAQUE protocol appeared as the next evolution, where the server never sees the password at all.
On the data layer, the Prisma schema gained a password field, a Role enum, and a RefreshToken model...