Understanding Authentication in Web Applications - part 1

Delve into the basics of authentication

INTRODUCTION

Authentication is the front gate of any web application. We've all heard of large data breaches, such as the 2018 Aadhaar data breach and the 2017 Yahoo data breach, and incidents like these show why robust authentication matters. Over the years, authentication methods have evolved significantly. But have you ever wondered what happens behind the scenes during authentication? What are JWTs and sessions, and where are they stored?

You might have come across libraries like NextAuth or Clerk. These handle authentication for you and, behind the scenes, they work with tokens. You may also have heard of OAuth (strictly speaking an authorization framework, usually paired with OpenID Connect for login); its flows are quite intricate, so we'll cover them in upcoming blogs. Stay tuned.

The Basics of Client-Side and Server-Side Authentication

Let's start with the basics. Every web app has two sides: the client (the browser) and the server. When a user who has already registered opens the app, the first thing they should see is a login page.

When the user submits their credentials, the client should first check that the inputs are well-formed (for example, that the email field actually contains an email address). This is a usability check only: anything the browser does can be bypassed, so the server must validate everything itself. The server looks up the user, compares the submitted password against the stored password hash (plaintext passwords should never be stored or compared), and, if they match, issues a signed token, more specifically a JWT (JSON Web Token). The JWT's payload carries claims such as the user's ID and an expiry time; the credentials themselves are never placed in the token. The server sends the token back to the client, which stores it, typically in a cookie or in localStorage. The alternative is a server-side session, where the server keeps the login state and hands the client only an opaque session ID. We'll dive deeper into each of these options in the next blog.

MIDDLEWARE & REQUEST HANDLING

Once the client has stored the token, the user is logged in. Every subsequent request to the server must carry the token (usually in an Authorization: Bearer header or in a cookie) so that the server can identify the user each time. This is where protected routes and middleware come into play. A middleware function runs before the route handler: it extracts the token, verifies its signature and expiry, attaches the resulting user identity to the request, and rejects the request with 401 if any of that fails. Verifying who the caller is, however, is only half the job. userA must not be able to see userB's data, and that is an authorization check: the route handler (or another middleware) must compare the authenticated user against the owner of the requested resource and refuse with 403 on a mismatch. Skipping that second check is a classic source of broken access control bugs.

That's all for this post! Authentication is a vast topic with many different ways to authenticate users. Feel free to drop any suggestions, improvements, and critiques.

See you next time! We'll explore the intricacies of client-side storage systems in the next blog.

Resources:

  1. https://jwt.io/introduction

  2. https://blog.greenroots.info/what-is-authentication-and-authorization