Implement linkedin authentication with Passport js

[anjula-sack]

Description: In our ongoing efforts to bolster the security and user experience of our application, we are expanding our authentication capabilities to include LinkedIn Authentication. We'll be utilizing Passport.js and JWT (JSON Web Tokens) to facilitate this seamless and secure login method. This enhancement will empower users to effortlessly access our platform using their LinkedIn accounts while ensuring the safety of their credentials through JWT token-based session management.

Tasks:

1. Incorporate the necessary dependencies for Passport.js and JWT in the project to facilitate LinkedIn Authentication.
2. Configure Passport.js to utilize the LinkedIn strategy, enabling authentication through LinkedIn accounts.
3. Develop a user registration endpoint, ensuring the creation of new accounts adheres to robust security measures.
4. Establish a LinkedIn login endpoint that validates users via their LinkedIn accounts and generates JWT tokens.
5. Implement a protected endpoint that mandates a valid JWT token for access, reinforcing the security of sensitive areas.
6. Set up middleware to authenticate incoming requests using Passport.js and the JWT strategy.
7. Implement a user-friendly logout feature to invalidate tokens or sessions as needed.
8. Create a robust password reset functionality, catering to users who require password retrieval.

Acceptance Criteria:

• Users should have the capability to register and create new accounts securely.
• Users should be able to access our platform using their LinkedIn accounts, receiving a JWT token for subsequent authenticated requests.
• Access to the protected endpoint should be strictly limited to those with a valid JWT token.
• JWT tokens must undergo meticulous validation, with expired or invalid tokens being promptly rejected.
• Users should be able to log out, effectively invalidating their session or token.
• Our password reset functionality should be a secure and straightforward process for users.

Additional Information:

• Adhere to industry best practices for security, including robust password hashing and the secure handling of JWT tokens.
• Thoroughly document the authentication API endpoints, encompassing essential input parameters and response formats.
• Implement comprehensive error handling for various scenarios, such as invalid credentials or expired tokens.
• Ensure the utmost care in handling users' personal information obtained from LinkedIn, strictly following privacy regulations.
• Provide detailed setup and configuration instructions for LinkedIn Authentication within our application.
• Offer clear instructions for testing the authentication endpoints, aiding in verifying the functionality.

Related Dependencies or References:

• Passport.js: link to documentation
• JWT: link to documentation
• LinkedIn OAuth 2.0: link to documentation

[YoshithaRathnayake]

@anjula-sack Will I able to work on an issue like this? Want JS?

[dilankavishka]

Shall I work on this issue please? @anjula-sack

[anjula-sack]

Shall I work on this issue please? @anjula-sack

sure go ahead