READ THIS: this is an informal outline for Milestone #2. This is a living issue, i.e. I'll keep editing it. This is not indicative of what the final version of the lessons might cover or where it's placed in the course. Please refer to the lesson issue for specific details.
GOAL: upgrade auth & api lessons
introduction to auth lesson
why webapps need auth
what is auth vs authorization
auth schemes we'll cover in the curriculum
session based auth lesson
implement session based auth from scratch, we can discuss how much hand-holding we want the lesson to have. EDIT: we won't be too handhold-y here and will trust our learners to figure it out. the lesson will cover high level concepts of session auth with a few code snippets thrown in
dive into persisting sessions in the database
explore cookies and their options, i.e. 'secure', 'http-only'. most likely will be a separate lesson
password hashing. preferably a separate lesson, it could be after members-only project, needs discussion
members only project
now learners get to cover members-only project, but its requirements will be revised. It will just be a mini message board project with auth. No rbac i.e. admin. Primary objective of this project will be for learners to implement session auth
private events project
here we ask learners to implement rbac where a user can be "site admin", "event creator", "event attendee", "event speaker". we could instruct to implement separate logins
now they continue learning Prisma and file uploader project
restful apis lesson
restful apis and how to write them guide, covers stuff like http methods, url conventions
[insert new project here]
add a small project here for learners to practice restful apis
json web tokens lesson
implement jwts from scratch, again it can be discussed how handhold-y we want to be
handle cors: preferably a separate lesson
[insert new project here]
we could add another small project here for learners to run jwt before diving into refresh tokens
Refresh tokens lesson
imo we need to cover refresh tokens in the curriculum
blog api project
now learners proceed to the blog api project
sessions vs jwts lesson
could be a fun lesson, can be discussed
helpful libraries for auth lesson
here we can cover Passport.js, Lucia or whatever we like