From the course: Advanced Express
Authentication vs. authorization
- [Instructor] Requiring users to log in can have two purposes. It can be for authentication. This means we want to know who this user is. We implemented that already, and as soon as a user is logged in, request.user contains this information. We also stored this information in response.local so that all templates have access to it. Another reason to ask a user to log in is that we want to restrict or grant access to information depending on privileges a user has. This is called authorization.

On the demo project, logged-in users have access to a my account page. So it's under the user menu, here under my account. It's simple and only shows some basic information about the currently logged-in user. Let's try out what happens if we are logged out and end up on this page, maybe through our browser history. So, let's copy that URL here, and let's log out. And let's head back to this page. We see that we are now presented with an error message because the template is missing the user data…
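The two checks described in the transcript, written as Express-style middleware. This is an added example, not the instructor's or the course's code; the `/login` and `/my-account` paths, the `myaccount` template name and the `roles` array on the user object are assumptions. It has no dependency on Express itself, so the guards can be exercised with the small `simulate` helper.

```javascript
// Added example; not the course's code. Route paths and the `roles`
// property on the user object are assumptions for illustration.

// Authentication: is there a known user on this request?
function requireLogin(req, res, next) {
  if (req.user) return next();
  // Remember where the visitor wanted to go, then send them to log in.
  // Only a local path is stored, so it cannot become an open redirect.
  const url = req.originalUrl;
  if (req.session && typeof url === 'string' &&
      url.startsWith('/') && !url.startsWith('//')) {
    req.session.returnTo = url;
  }
  return res.redirect('/login');
}

// Authorization: is this known user allowed to do this?
function requireRole(role) {
  return function (req, res, next) {
    if (!req.user) return res.redirect('/login'); // not authenticated at all
    const roles = Array.isArray(req.user.roles) ? req.user.roles : [];
    if (roles.includes(role)) return next();
    return res.status(403).send('Forbidden'); // authenticated, not permitted
  };
}

// Minimal stand-ins for Express req/res so the guards run offline.
function simulate(middleware, req) {
  const outcome = { status: 200, redirect: null, body: null, passed: false };
  const res = {
    status(code) { outcome.status = code; return this; },
    send(body) { outcome.body = body; return this; },
    redirect(url) { outcome.status = 302; outcome.redirect = url; return this; },
  };
  middleware(req, res, () => { outcome.passed = true; });
  return outcome;
}

// Wiring in an Express app would look like:
//   app.get('/my-account', requireLogin, (req, res) => res.render('myaccount'));
//   app.get('/admin', requireRole('admin'), adminHandler);
```

With `requireLogin` in front of the account route, a logged-out visitor is redirected before the template is rendered, so the missing-user error never reaches the page.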