Chapter 11. Authenticating users, managing sessions, and securing APIs
This chapter covers

  • Adding authentication in the MEAN stack
  • Using Passport.js to manage authentication in Express
  • Generating JSON Web Tokens in Express
  • Registering and logging in a user
  • Securing API endpoints in Express

In this chapter, you’ll improve on the existing application by making users log in before they can leave reviews. This topic is an important one, as many web applications need to let users log in and manage a session.

Figure 11.1 shows where you are in the overall plan, now working with the MongoDB database, Express API, and Angular single-page application (SPA).

Figure 11.1. This chapter adds an authentication system to the application that touches most parts of the architecture, such as the database, API, and front-end SPA.

Your first stop is an overview of how to approach authentication in a MEAN stack application before updating Loc8r one piece at a time, working through the architecture from back end to front end. You’ll update the database and data schemas before upgrading the API and finally modifying the front end. By the end of the chapter, you’ll be able to register new users, log them in, maintain a session, and perform actions that only logged-in users can complete.

11.1. How to approach authentication in the MEAN stack

11.2. Creating a user schema for MongoDB

11.3. Creating an authentication API with Passport

11.4. Securing relevant API endpoints