-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication implementation method #16
Comments
@sounak07 Yeah we can for token-based authentication. But, how you have planned to implement social logins when using |
passport.js provides dependencies for social login using jwt. @sounak07 is right it can be done with passport. |
I am concerned about the security of the app if we use token-based authentication, then how we will maintain sessions. If the answer is storing the token in the local storage, then the token can be comprised very easily. What is your opinion on this? |
If u are concerned about XSS, Xss happen when we allow users to input malicious code to our application. We can sanitize all data before letting user interact with our database. I would say let's start with local storage may later we can implement more secure techniques if needed. Please let me know your thoughts @varunzxzx |
@sounak07 Yeah we can sanitize the input. Angular does it automatically but we have to figure it for react(maybe some libraries are already available). As you suggested, let's begin with the local storage we will adopt some more secure way till we reach the production stage. But first, we've to finalise the models at least the |
React already encodes all untrusted cross site references (upto some extent) and using something like cookies also comes with its downfall. So i think it's better to just stick with localStorage and maybe encrypt the data for now. |
Please let me know once the model is finalized, I would like to work on this. @varunzxzx |
what about Google Auth api , is it possible to implement Authentication with it in this. |
I guess google auth would be better , we could actually provide users an option between platforms like google and facebook |
Does anyone work on authentication part. I can contribute |
Is the user model decided yet @varunzxzx so that we can work on auth?? |
I've made an initial model but I'm not able to push it for some reason. I'm
getting an error in one of the files in node_modules
…On May 3, 2018 11:17 PM, "Sounak Gupta" ***@***.***> wrote:
Is the user model decided yet @varunzxzx <https://github.com/varunzxzx>
so that we can work on auth??
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#16 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AVSnlvuNhzZbNVQDpWXSggM-vGZ-K4Fbks5tu0LIgaJpZM4Tehbv>
.
|
@Abdulkadir98 Can you describe the issue in our slack channel? |
@sounak07 User model has been added. |
Ok I will start the auth part then @varunzxzx . |
I would like to know how are we planning to implement auth. We can use jwt to implement login system along with social logins. Would like to know what moderators think about this?
The text was updated successfully, but these errors were encountered: