From the course: Node: Authentication
Ensuring object level authorization
- [Instructor] Did you figure it out? Well, let's look at the routes again. So I'm heading into API, to-do list, index.js. And there we have this update route. We know that everything on the slash to-do list is protected by a password. So if you look into index.js, we see that down here, where we mount slash to-do list, we're using passport authenticate. So there is no doubt that the user that ends up with their request on the slash API slash to-do list has a valid JWT token. And from then on, we trust the user blindly. So everyone that has an account must be a good person, because the update and the delete route delete or update an item without even checking if this item belongs to the user. So let's look at the PUT route again. So we get this item ID, and then we just do this update by providing the item ID that we got by request arguments, and we send the body with the data that should be updated. And the…
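The missing ownership check described in the transcript, next to a handler that enforces it, as an added example that is not the course's own code. It assumes an in-memory `Map` in place of the database, a hypothetical `owner` field on each item, and that Passport has placed the authenticated user on `req.user`; `fakeRes` and `runAs` are helpers invented here so the handlers run without Express.

```javascript
// Constructed in-memory store standing in for the course's database.
// The `owner` field is an assumption of this example.
const items = new Map([
  ['1', { id: '1', owner: 'alice', text: 'buy milk' }],
  ['2', { id: '2', owner: 'bob', text: 'pay rent' }],
]);

// Pattern described in the transcript: the JWT was verified upstream, but the
// item is looked up by id alone, so any account can update any item.
function updateItemUnsafe(req, res) {
  const item = items.get(req.params.id);
  if (!item) return res.status(404).json({ error: 'not found' });
  Object.assign(item, req.body); // body applied as-is
  return res.status(200).json(item);
}

// Object-level check: the item must exist AND belong to req.user.
// "Missing" and "not yours" return the same 404 so ids cannot be probed.
function updateItemSafe(req, res) {
  const item = items.get(req.params.id);
  if (!item || item.owner !== req.user.id) {
    return res.status(404).json({ error: 'not found' });
  }
  // Only the editable field is copied, so the body cannot reassign `owner`.
  if (typeof req.body.text === 'string') item.text = req.body.text;
  return res.status(200).json(item);
}

// Minimal stand-in for the Express response object (status/json only).
function fakeRes() {
  return {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Calls a handler as an authenticated user; req.user is what Passport sets.
function runAs(handler, userId, itemId, body) {
  const req = { user: { id: userId }, params: { id: itemId }, body };
  return handler(req, fakeRes());
}

// alice targets bob's item through the hardened handler: denied, unchanged.
console.log(runAs(updateItemSafe, 'alice', '2', { text: 'edited' }).statusCode);
```

With a real database, the same check is usually expressed by putting the owner into the update query's filter, so a non-matching owner updates zero rows.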