
Role Based Authentication & Authorization System using JWT.

Calvin Chong edited this page Apr 28, 2023 · 1 revision

The login authentication here uses JWT, Bcrypt, MongoDB and Next.js Middleware, which intercepts the requests to our URLs. There is currently no support for social authentication, although that might be added as a feature later on.

# User Models and Fields

# Processes

- Tokens can be reassigned.
- Middleware has access to the cookies in the browser, where the JWT is stored under the custom key that we set when the user makes an initial sign-in.

Signing Out:

--

# Authorization

Authorization is currently done using the authorization data that is embedded in the JWT itself. This carries a known risk: authorization might be improperly assigned, and a user that was once authorized will still be treated as authorized after that authorization has been removed, for as long as the existing token is accepted.

Future areas of improvement at scale: