BoiseState / interfaith-donation

Donation app and website to manage donations for Interfaith Sanctuary.
GNU General Public License v2.0

Research: opensource authentication token #101

Open TylerNicholls opened 6 years ago

TylerNicholls commented 6 years ago

-JSON web token

Pros

  1. Fewer database calls

  2. Not terribly difficult to set up

  3. Public key can be used across web applications (could be useful if we use same authentication details for Vue and Ionic apps)

Cons

  1. Since the whole process revolves around a single key, if access to this key is compromised your entire system is compromised

  2. Adds complexity that may not be required for the scale of this project

  3. Cannot edit token once it's been given (can't update expire time on a token)

  4. Extra Challenges

    • Storing the token securely // if not, a lot of user information is stored in the token and can be compromised
    • Transporting it securely
    • JWT sessions can sometimes be hard to invalidate.
    • Trusting the client's claim.

-OAuth: OAuth allows notifying a resource provider (e.g. Facebook) that the resource owner (e.g. you) grants permission to a third party (e.g. a Facebook Application) access to their information.

Pros

  1. Easy and fast for the User to create an account

  2. Using Facebook or Google as resource providers will add security to donors knowing their transactions will go through secure ports.

Cons

  1. Potential donors may have issues with social network sites having information on their browsing habits

  2. Will Interfaith Sanctuary even be okay with implementing something that allows a resource provider information on their traffic?

-Session Variable

Pros

  1. Not a lot of overhead/easy to implement

Cons

  1. User will have to create/register for our website

  2. Database becomes a bottleneck and a thing to maintain - essentially an extra query to be done with every request.
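An added example, not part of the original comment or the project's code: a minimal HS256 token built with Node's `crypto` module, showing the JWT points listed above (claims are readable without the key, client edits are rejected, expiry is fixed at issue time, and revoking early needs a server-side lookup). The key, the claim names and the `issue`/`verify`/`peek`/`tamper` helpers are constructed for illustration.

```javascript
// Added illustration, not project code. Key and claims below are constructed.
const crypto = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const unb64u = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const mac = (data, key) => crypto.createHmac("sha256", key).update(data).digest();

// Issue header.payload.signature; exp is baked in and cannot be changed later.
function issue(claims, key, nowSec, ttlSec) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = { ...claims, jti: crypto.randomUUID(), iat: nowSec, exp: nowSec + ttlSec };
  const payload = b64u(JSON.stringify(body));
  return `${header}.${payload}.${b64u(mac(`${header}.${payload}`, key))}`;
}

// Server-side check: signature first, then pinned alg, expiry, revocation.
function verify(token, key, nowSec, revoked = new Set()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  const expected = mac(`${header}.${payload}`, key);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  const claims = unb64u(payload); // parsed only after the signature checked out
  if (unb64u(header).alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  if (nowSec >= claims.exp) return { ok: false, reason: "expired" };
  // Early logout needs this lookup, which brings back a per-request store check.
  if (revoked.has(claims.jti)) return { ok: false, reason: "revoked" };
  return { ok: true, claims };
}

// The payload is encoded, not encrypted: readable without the key.
const peek = (token) => unb64u(token.split(".")[1]);

// A client editing its own claims while keeping the old signature.
function tamper(token, changes) {
  const [h, p, s] = token.split(".");
  return `${h}.${b64u(JSON.stringify({ ...unb64u(p), ...changes }))}.${s}`;
}

const key = "constructed-demo-key"; // real keys: long, random, kept server-side
const token = issue({ sub: "donor-42", role: "donor" }, key, 1000, 900);
console.log(peek(token).role, verify(tamper(token, { role: "admin" }), key, 1000).reason);
```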

timwilson139 commented 6 years ago

Check out this: https://www.npmjs.com/package/vue-session
