express auth study Flashcards
What is the purpose of the JWT signature?
A JWT does not hide its data; it protects integrity, not confidentiality. The signature is computed over the header and payload with a secret key, so any tampering with either part invalidates it. Without the secret key it is infeasible to produce a valid signature.
What’s the purpose of auth tokens?
An application presents the access token to the service API to gain access to the user’s data. Auth tokens themselves neither encrypt nor decrypt anything.
What’s OAuth?
A protocol that allows internet users to grant applications access to their information via a trusted third party.
What is hashing?
Hashing is the process of converting a message of any length into a short, fixed-length string. Hashed values cannot be translated back to their original input values.
What is a rainbow attack?
A rainbow attack involves hashing common passwords and searching for the results in a database.
What’s a cryptographic salt?
A salt is a small, random string or set of bits that gets appended to a user’s password before hashing it, making rainbow attacks very impractical.
What’s symmetric encryption?
Symmetric encryption uses a single key for both encrypting and decrypting data.
What is REST?
Representational State Transfer. It is not a standard; it is a convention.
What does JWT stand for?
JSON Web Token
HTTP request methods?
GET - Retrieves a resource
POST - Creates a resource
PUT - Replaces (updates) a resource
PATCH - Partially modifies a resource
DELETE - Deletes the specified resource
For an Album model, write RESTful endpoints to handle: 1) getting all the resources, 2) creating a single resource, 3) updating a single resource and 4) deleting all resources.
getting all resources -> GET /albums
creating a single resource -> POST /albums
updating a single resource -> PATCH /albums/:id
deleting all resources -> DELETE /albums
express.json()
Built-in middleware that parses the body of an HTTP request containing data formatted as JSON.
What’s express-bearer-token?
Express middleware package that extracts a bearer token from a request.
Express middleware package to implement Cross-Origin Resource Sharing
cors
Difference between Authentication and Authorization
Authentication is the process of identifying an actor from presented credentials.
Authorization is the process of checking the privileges of an already identified actor.
Bcrypt
Bcrypt is a strong, deliberately slow password hashing algorithm.
Asymmetric encryption
Asymmetric encryption uses a key pair: a public key to encrypt and a private key to decrypt.