sedge / opendojo

An open-source student and class management system for traditional karate clubs
Mozilla Public License 2.0

Implement authentication #22

Closed (sedge closed 9 years ago)

sedge commented 9 years ago

ESTIMATE: 25 hrs
DUE: Sunday, March 8th
COMPLETION DATE: Day Month Date
TOTAL HOURS:
ASSIGNED: Yoav
BLOCKS: TBD
BLOCKED BY: None

Our application will use token-based authentication for authorizing the user. This has to be configured on the server side first, and incorporated into our RESTful API.

We'll be using passport for this.

Plumpernickel commented 9 years ago

@sedge, some food for thought:

1) Cookies vs. JWT and Why You're Doing it Wrong (non-biased comparison of cookies vs. jwt)
2) npm module for oauth tokens using passport
3) Cookie vs. JWT DFD
4) Cookies are bad for you

sedge commented 9 years ago

@yoavgurevich You've convinced me that we need to consider this carefully. I find the resources you provided overwhelming - do you understand JSON web tokens well enough to explain them? Otherwise my instinct is more research is needed.

Plumpernickel commented 9 years ago

A great article that explains the concept by itself, and also how to implement it using node.js and front end frameworks. Bam: Using JSON Web Tokens with Node.js

sedge commented 9 years ago

@yoavgurevich After doing some research on the topic, I think that tokens and sessions are equivalent in terms of difficulty in securing. I also think that tokens are easier to scale, which is a strong argument. Tokens it is!