How do I Authenticate my Users in Go/TypeScript?

Captions
It's quite simple: I use Auth0. It's a great authentication provider and saves me a ton of hassle and work. There's still some config I have to do on my end, and there are a few caveats, so let's talk about it and I'll show you an example. So why do I use Auth0? Because personally I don't like storing super sensitive user data in my own database if I can avoid it. If I can avoid having user passwords, user credit cards, sensitive user pictures, or whatever it is, I like to keep that out of my databases, out of my servers, out of my issue. I know how to do JWTs, I know how to do custom authentication, I know how to do bcrypt, I know how to manage sessions and all that stuff, but I still don't like doing it, and the reason is it's liability. It's something that you open yourself up to; it's another thing to worry about. And personally, for my own peace of mind, I really like using a provider, and the best provider I've found is Auth0. It has great compatibility with basically every platform and it makes it stupid easy to get everything set up and running. So let me show you how that works.

As is basically tradition at this point, I went ahead and built out a little example app to showcase how I do this. I like putting out these little git repos that will help you out and show you my thought process. This is not going to be a detailed dive and tutorial into this whole API and setup; that is going to be a more detailed video I'm going to be doing over the next couple of days. A while ago I put out this video where I was talking about how I like structuring my Go apps, and a lot of you had a ton of feedback. I am super appreciative of that. If you are someone who gave feedback there and showed me what I was doing wrong, I have tried to implement as much of it as I can, try and understand it, and learn more. I am not right all the time, and if I am wrong I want to know. Tell me that I'm wrong and I will do everything in my power to make it right, and that's what I'm trying to do here. So I've been trying to take that feedback and build an even better sort of template, and I'm going to be releasing a video going over that in a little bit. For now I'm not going to go over it, but I am using it here, so you're going to get a preview. Take a look; again, if there's anything you really hate about it or really don't like, let me know. But I think this utilizes the Go concepts a little bit better, I think it's a bit cleaner, and I do definitely see a lot of the points you guys are making.

So with that out of the way, what I want to talk about is how the Auth0 stuff is actually going to work here. The point of this is not the API, the point is the Auth0, and the Auth0 lives within a middleware. So if I go into internal and then auth, I have this auth section, and then I have this middleware file, which is going to contain my auth middleware. What I have up here will just allow me to create a new auth middleware, so anywhere in my app, if I need a new auth middleware, I can easily add that and attach it to any of my routes and handlers however I want; it makes it super easy to attach it to a group or something like that. I'm using Fiber for my HTTP framework. No, that's not the most popular thing in the world, but I really like it; it's fast, it's easy, I don't need HTTP/2 so I don't really care. So I'm using Fiber here. The real meat of this is this ValidateToken. What is ValidateToken going to do? It's basically just going to use some libraries provided by Auth0 themselves to validate the token that the end user passes in, and then it's either going to give me the results of that token and hit the next function and go into the rest of the API, or it's going to throw an error and crash.

The way that works is I have my config up here; this is being read out of my config, I'm using Viper for my config, so I have this app.env which has the information in it. I'm reading out my Auth0 domain, getting my issuer URL, and then I'm setting up this JWT validator. This JWT validator is the key piece here. What it's going to do is take in this provider.KeyFunc. This provider right here is just a nice little caching provider; again, this is a package from Auth0 themselves, this jwks package. It's going to be able to cache some information and make this a little bit faster; it's a nice little thing they provide. So you just pass in the key function, I say that I want to use RS256, I need to pass in my issuer URL, so all I have to do is take this issuer URL and turn it into a string, and then I need to pass in my audience. Since this is an API, the way Auth0 does things is you have to pass in what your audiences are, which is effectively just what tokens we can accept here. So whenever the token is created, it needs to be created with the correct audience on it; I'll show you on the client how we do that, it's really simple. All I have to do is pass in this slice of strings, and all I need in here is the Auth0 audience from a.config, and that audience is going to be the audience for my API itself, and that is configured within the Auth0 dashboard. I have links in the readme and in the description to the quick start on both the Go backend and the React frontend. Again, I don't want to go too deep into this because it's really basic and easy and you guys can do it on your own; there's no real point in me hand-holding you through the Auth0 setup, and honestly I think it's probably good for you to go through and actually do that, because you should understand your auth. Understanding your auth is a really important thing. So use this little framework, get it working, and try and figure out how it all works. Why am I putting the Auth0 audience in here? Why am I putting the Auth0 domain in here? These whys are the key to learning this stuff, and that's sort of why I'm structuring it this way. I know I've got log.Fatalf's in here, but if I get to this point and I don't have my domain or my audience, then the whole app does need to just crash. Again, you could do this a little more elegantly, but for now it's fine.

Then up here, this is the real meat of it: we just grab our Authorization header. The typical format I'm going to be using here is "Bearer" and then some nonsense, so "Bearer" and then this giant monstrosity which is the JWT itself. I'm going to grab that off of the header, split it, grab the second part, and make sure that it's valid; if it's not, I'll send down "invalid header". Then we go down here and we validate it, so just this jwtValidator.ValidateToken. We're passing in our server's context; context is a whole other video and concept for another day, but for now don't really worry about it, we just pass in this context, and then we pass in headerParts[1], which is going to be the token itself. We make sure that there's no error; if there is one, we're going to say, hey, you're not authorized, you passed in an invalid token. Otherwise I can just print out the token info and then hit c.Next(), and when I hit c.Next() that means that we have a valid user and we can go ahead and actually execute some authenticated route. And within my user controller here, I'm actually going to be using this with my user app. So I have this auth middleware; I'm just creating a new auth middleware, and I'm going to do userGroup.Use. So when I'm creating this group of users, any time I have a route on the user object it has to be authenticated now. So I'm just going to use this new middleware. I'm going to go ahead and do userGroup.Get("/me"), and then I have this profile, and all this does, if you look at the controllers, is just return a message if you are logged in, and that's it. I know that there's a lot of boilerplate in here, but it makes a lot of sense when you have a database; again, another video, another time, I won't get too off topic. And yeah, that's the real key for the backend. So what we can do here is, if I just do localhost:8080/user/me and hit send, then we get "you are logged in". I can see the information down here; this is the token that I just generated from the Auth0 dashboard, you can do that within the test panel on there, you just test from there, really basic.

Then I also made a little frontend for this, because this wouldn't be any use if you can't consume it, so I made a little React frontend for you. Right here within this web directory I have this source; it's just a Vite app. I use Vite, don't use Create React App; other content creators have great videos on that. I'm not a frontend guy, not my domain, but just, no, use Vite. So we go over here, and within this main, this is where really the only interesting thing is going to happen: I have this Auth0Provider. Again, follow the quick start, I have it linked down below; follow the quick start, look at it, figure out how all this stuff actually works, and then come back here and see why I'm doing what I'm doing. We're going to have our domain here, which is just going to be whatever domain you have for your Auth0 project itself, your client ID, which you get from the console, and then this audience, which needs to match the audience that you had within your server. So your server audience and your client audience, this Auth0 audience, need to match, and that's how we validate that these tokens are the same and they're valid to work with each other. So you need to make sure that you have this audience in here because you're going to be communicating with that external API. This redirect URI just means that when I log out I'm going to come back to basically the root of my app.

Then I have this App.tsx, and within here this is just the boilerplate of making a new Vite app. I have up here the useAuth0 object: loginWithRedirect, isAuthenticated, logout, and then getting the access token. The real key here is going to be this getAccessTokenSilently. This is asynchronous, and I didn't want to set up React Query or anything, that's one too many npm installs for me, so all I did is just some callback hell, good old-fashioned, the old way. I just call getAccessTokenSilently, then you get the token, then I make a request to 8080, and for my headers I pass in Authorization: Bearer and then whatever nonsense it spits out. That matches this exactly; makes a lot of sense. We go down here, .then, we get the response, we turn that response into JSON, and then we're just going to print out data.message. So if I actually show you how this works, we go to the Vite React app. Yes, so I'm logged in. I'll hit log out real quick, then I'll log in real quick, continue with Google, hit that, which I'll probably censor, I don't know, and then we just hit show API call, and then "you are logged in", and that is going to come from this server. You can see up here we got all this stuff right here, and it actually has some different stuff here. So this just had a bunch of stuff up here; you can see the stuff that's on the JWT. This is where it's coming from, this is the root, and then this is the audience over here, and then this is the user ID itself, so I actually have my user ID right here. You can get more stuff out of this, and if you would like to see a deeper breakdown, let me know, but this is sort of just an introduction to what I use and why I use it.

Again, I use it because I don't trust myself with tokens in the backend. I know how to use them, but I still think it's just a liability and I don't like having it, so I like using a provider, and Auth0 is by far the best provider I've ever used, so that's why I use it. Again, take a look at this little project down below; I have instructions within the readme. I think it's a really good exercise to go through and actually do this; it'll help you as a dev, you will get better. The best way to learn is to do, so go through and actually do the setup, the Auth0 account, connect everything in, and learn why I'm doing everything; that'll help you a ton. If you enjoyed this, make sure you like, subscribe, do all this stuff, and have a great day.
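The video hands the Bearer-header and ValidateToken step to Auth0's validator package and its caching JWKS provider. The block below is an added example, not code from the video's repository or from Auth0's libraries: it re-implements what that step checks using only the Go standard library, so the "why the audience has to match" point is visible in code. The issuer URL, audience and subject are assumed values, and a locally generated RSA key stands in for the tenant's signing key (the real middleware fetches the public key from the issuer's JWKS endpoint and selects it by the token's `kid`; that lookup is the only part not shown here).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of registered JWT claims the middleware checks.
// RFC 7519 lets "aud" be a string or an array, so it is kept raw here.
type Claims struct {
	Iss string          `json:"iss"`
	Sub string          `json:"sub"`
	Exp int64           `json:"exp"`
	Aud json.RawMessage `json:"aud"`
}

// NewTestKey returns a throwaway RSA key standing in for the tenant's signing key
// (assumption for this example; a real API only ever sees the public half via JWKS).
func NewTestKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// SignRS256 builds a compact JWT signed with RS256, imitating what Auth0 issues.
// Test helper only (errors ignored): a resource server never holds this key.
func SignRS256(priv *rsa.PrivateKey, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(claims)
	signingInput := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// audiences normalises "aud" to a slice whether it was a string or an array.
func audiences(raw json.RawMessage) []string {
	var one string
	if json.Unmarshal(raw, &one) == nil {
		return []string{one}
	}
	var many []string
	_ = json.Unmarshal(raw, &many)
	return many
}

// ValidateBearer does what the middleware's validate-token step does: pull the token
// out of "Authorization: Bearer <jwt>", pin RS256, verify the signature, check iss/exp/aud.
func ValidateBearer(authHeader string, pub *rsa.PublicKey, issuer, audience string, now time.Time) (*Claims, error) {
	parts := strings.Fields(authHeader)
	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
		return nil, errors.New("invalid authorization header")
	}
	segs := strings.Split(parts[1], ".")
	if len(segs) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, errH := base64.RawURLEncoding.DecodeString(segs[0])
	body, errB := base64.RawURLEncoding.DecodeString(segs[1])
	sig, errS := base64.RawURLEncoding.DecodeString(segs[2])
	if errH != nil || errB != nil || errS != nil {
		return nil, errors.New("token segments are not base64url")
	}
	// The algorithm is fixed by the server, never read from the token, so a forged
	// header cannot downgrade to "none" or to an HMAC keyed with the public key.
	var hdr struct{ Alg string `json:"alg"` }
	if json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unexpected signing algorithm")
	}
	digest := sha256.Sum256([]byte(segs[0] + "." + segs[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if c.Iss != issuer || now.Unix() >= c.Exp {
		return nil, errors.New("wrong issuer or expired token")
	}
	// The audience check ties a token minted for the React client to this API.
	for _, a := range audiences(c.Aud) {
		if a == audience {
			return &c, nil
		}
	}
	return nil, errors.New("audience mismatch")
}

func main() {
	priv, issuer, aud := NewTestKey(), "https://example-tenant.auth0.com/", "https://api.example.com" // assumed
	tok := SignRS256(priv, map[string]any{"iss": issuer, "sub": "auth0|123", "aud": aud, "exp": time.Now().Add(time.Hour).Unix()})
	_, err := ValidateBearer("Bearer "+tok, &priv.PublicKey, issuer, aud, time.Now())
	fmt.Println("token accepted:", err == nil)
}
```

Two things worth noticing that the library hides: the accepted algorithm is a server-side constant compared against the header rather than read from it, and the audience loop is the only check that distinguishes a token for this API from a token the same tenant issued for some other API, which is why the client's `audience` and the server's configured audience have to be the same string.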
Info
Channel: Ben Davis (Davis Media)
Views: 14,481
Keywords: Go, Golang, Auth, Authentication, Servers, Backend, Backend Web Development, Tutorial, Example, Programming, JavaScript, TypeScript
Id: Bqdm12qJ_nU
Length: 10min 21sec (621 seconds)
Published: Fri Jan 20 2023