This content originally appeared on DEV Community and was authored by ssekabira robert sims
What is Authentication?
It's the process of verifying who a user is: proving that the party behind a request really holds the identity it claims.
What is Authorization?
It's the process of deciding what an already-authenticated user is allowed to do. It only makes sense after authentication, and it has to be enforced on the server for every request, not just on the login page.
Step 1: Authentication - Common Methods
• Username & Password - basic login form; the server compares the submitted password against a stored hash, never against plaintext
• OAuth 2.0 / OpenID Connect - "Login with Google, GitHub, etc." (OAuth delegates access to an API; OpenID Connect is the identity layer on top of it that actually performs the login)
• JWT (JSON Web Token) - a signed token format, popular for stateless token-based auth
• Session-Based - the server keeps the session state and the browser holds only a random session ID, usually in a cookie
Step 2: How Login Works (JWT Example)
- User sends email & password to the server over HTTPS
- Server verifies the password against the stored hash and sends back a signed JWT with an expiry
- The JWT is stored in the browser (often localStorage; note that anything page JavaScript can read, an XSS payload can steal, so an httpOnly cookie is the safer choice)
- On each request, the client sends the JWT in the Authorization: Bearer <token> header
- The server checks the signature, the algorithm and the expiry before giving access; nothing in the token is trusted until that check passes
Step 3: Authorization Types
• Role-Based Access - permissions attached to a role such as Admin, Editor or User
• Resource-Based - ownership decides: only the owner of a piece of content can edit it, whatever their role
• Route Protection - block some pages or endpoints unless the user is logged in
Step 4: Protecting Routes (Frontend Example)
// UX only: this runs in the user's own browser and is trivially bypassed.
// The real control is the backend middleware in Step 5.
if (!localStorage.getItem('token')) {
  window.location.href = '/login';
}
Step 5: Backend Route Protection (Express.js)
const jwt = require('jsonwebtoken');
function authMiddleware(req, res, next) {
  const header = req.headers.authorization || '';
  const token = header.startsWith('Bearer ') ? header.slice(7) : null;
  if (!token) return res.status(401).send('Access Denied');
  try {
    // Verify signature and expiry with a pinned algorithm, then attach the claims for later handlers
    req.user = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
    next();
  } catch (err) { return res.status(401).send('Invalid or expired token'); }
}
Step 6: Common Tools & Libraries
• bcrypt (or argon2) - slow, salted password hashing
• jsonwebtoken - create & verify JWTs (always pass the algorithms option when verifying)
• passport.js - authentication middleware with strategies for local login, OAuth providers and more
• OAuth / OpenID Connect providers - Google, Facebook, GitHub
Step 7: Best Practices
• Always hash passwords with a slow, salted algorithm such as bcrypt or argon2 (never store plaintext, and never use a fast hash like MD5 or plain SHA-256)
• Use HTTPS everywhere, so passwords and tokens are never sent in the clear
• Set a short access-token expiry (e.g. 15 minutes) so a stolen token has limited value
• Refresh tokens securely: keep them in an httpOnly, Secure cookie, rotate them on every use, and revoke the whole chain if an already-used one shows up again
• Don't put sensitive data in a JWT: the payload is only base64-encoded, not encrypted, so anyone holding the token can read it