When using JSON web tokens in your application, you’ll find JWT related implementations in different places. For example, creating a new JWT is part of a login route handler. Authenticating an incoming JWT takes place in an authentication strategy. Refreshing a JWT, JWT logout, or token blacklisting are use …
Continue Reading
Security must be a major concern in every application. You should assign rigid security rules for your authentication-related API endpoints. The mini-series “building a rate limiter” here on Future Studio goes through the implementation of a rate limiter. If you didn’t code along in the series, you can grab …
Continue Reading
You implemented refresh token handling for multiple devices in the previous tutorial. The core of that implementation lives in the route handler which assigns the route handler for the refresh token three tasks: find an active refresh token for the incoming input invalidate the incoming refresh token create a new …
Continue Reading
This tutorial extends the previous tutorial on refresh tokens with JWT Authentication for logins on multiple devices. The implementation from the previous tutorial works well for a single login because you allow a single refresh token. As soon as your users log in from different devices, the last login has …
Continue Reading
Authenticating users with JSON web tokens is a convenient strategy. The tokens are self-contained and may include all required information. The server side verifies a token, either trusts its digital signature and proceeds the request handling or declines processing. Two previous tutorials walk you through the process of generating JSON …
Continue ReadingThis is the final tutorial in the “Build a Rate Limiter” series. The rate limiter has all important features to increase your application security. As with any software project, you should put aside time to review and refactor the code. By finishing this tutorial, you’ll push your rate limiter …
Continue Reading
Rate limiting is a security feature that comes with costs you need to manage. For example, once enabled, rate limiting applies to all requests going through your server. This can cause problems when using the rate limiter for both, APIs and web apps. Sending requests to web applications will render …
Continue Reading
Introducing the rate limiter into your web application brings security benefits, but requires extra work to integrate it smoothly. In the previous tutorial, you added support to render a “rate limit exceeded” web view instead of sending a JSON response. The web view to show an exceeded limit was dragging …
Continue ReadingFind interesting tutorials and solutions for your problems.