How do bearer tokens work?
- Bearer tokens are typicially provided to an authorized user once their username and password have been authenticated. The bearer token is hashed from some user information with a SECRET. The bearer token can then be used to authenticate the user at various points on the website or even revisits without needing to pass around the username and password information.
Describe express middleware
- Express middleware is any function that executes on the backend between recieving the HTTP request and sending the response. When middleware executes it passes the request object to the next portion of code that needs to execute. If needed it can also modify the request object before sending it on.
What is a JWT?
- JWT stands for JSON Web Token which can be used to generate a bearer token.
role based access control
- Role Based Access Control is a way to implement an Access Control List. Instead of providing specific rules for each user, you generate specific rules for a role, and then assign a role to a user. Then depending on the role that user has the ability to view or execute certain actions within the application.
http cookies source
- An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to a user's web browser. The browser may store the cookie and send it back to the same server with later requests. Typically, an HTTP cookie is used to tell if two requests come from the same browser—keeping a user logged in, for example. It remembers stateful information for the stateless HTTP protocol.
Cookies are mainly used for three purposes:
- Session management - Logins, shopping carts, game scores, or anything else the server should remember
- Personalization - User preferences, themes, and other settings
- Tracking - Recording and analyzing user behavior