React Course Auth
General Authentication notes
There are generally two types of authentication: email/password and OAuth.
For email/password:
- Store record in DB
- When user logs in, compare email/pw with DB storage
- User is logged in when they match
For OAuth:
- User authenticates with an outside service provider
- User authorizes our app to access their information
- Outside provider tells us about the user
- We are trusting the outside provider to correctly handle identifying the user
- Can be used both to identify the user and for us to take actions on the user's behalf
OAuth generally requires you to request a scope for the information you want to access.
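The email/password steps above (store a record, compare at login), as an added example that is not part of the course notes. It assumes Node's built-in `crypto` module, a hypothetical in-memory `users` map standing in for the DB, and stores a salted scrypt hash rather than the password itself.

```javascript
const { scryptSync, randomBytes, timingSafeEqual } = require('crypto');

// Hypothetical in-memory stand-in for the DB table of user records.
const users = new Map();

// scrypt cost parameters (assumed values; tune them for your hardware).
const SCRYPT = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32;

function hashPassword(password, salt) {
  return scryptSync(String(password), salt, KEY_LEN, SCRYPT);
}

// Emails are matched case-insensitively in this sketch.
function normalize(email) {
  return String(email).trim().toLowerCase();
}

// "Store record in DB": keep a per-user salt and the derived hash,
// never the plaintext password.
function register(email, password) {
  const key = normalize(email);
  if (users.has(key)) return false; // already registered
  const salt = randomBytes(16);
  users.set(key, { salt, hash: hashPassword(password, salt) });
  return true;
}

// Used for unknown emails so the hash work is done either way and
// response time does not reveal which accounts exist.
const DUMMY = { salt: randomBytes(16), hash: Buffer.alloc(KEY_LEN) };

// "Compare email/pw with DB storage": re-derive the hash from the
// submitted password and compare it in constant time.
function login(email, password) {
  const key = normalize(email);
  const record = users.get(key) || DUMMY;
  const candidate = hashPassword(password, record.salt);
  const match = timingSafeEqual(candidate, record.hash);
  return match && users.has(key);
}
```
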
OAuth Servers vs JS Browser apps
For the server:
- Results in a 'token' that a server can use to make requests on behalf of the user.
- Usually used when we have an app that needs to access user data when they are not logged in
- More difficult to set up (need to store a lot about the user)
For JS Browser apps:
- Results in a 'token' that a browser app can use to make requests on behalf of the user
- Usually used when we have an app that only needs to access data while logged in
- Easier to set up