example page
    Posted on October  2, 2021
    
    
    Tags: javascript
    
0.0.1 Authflow
- Sign up
 - client –{user,pass}–> Server –bcrypt(pass)–> Save bcrypt(pass)+user to DB
 - client <–{JWT}– Server
 - Hash the password using bcrypt.
 - bcrypt lets you increase the number of hash rounds (salt rounds), which slows down each hash computation and so resists brute-force attacks.
- Login
 - client input pass –> compare bcrypt(pass)+user with DB
 - client <–{JWT}– Server
0.0.1.1 JWT
- Header - base64
- Payload
- Signature

0.0.1.2 persist auth
- Browser storage
 - local storage
 - Cookie
  - Add “secure”, “httpOnly”, “SameSite”