You are smart. You want a secure app. You also want to be able to setup a system where the authentication is isolated to its own environment. Low and behold, tokens. It's never been a better time to use a token-based authentication scheme, whether that be cloud-based or not.
- CORS - Say goodbye to that monolith. Haven't you always wanted to move to that new hot microservice architecture? Using tokens allows you to send network requests to any server on any domain!
-
Stateless - You no longer need to keep any session information with your back-end. Just store that token in
localStorageand be done with it. The token contains all the information pertinent to invalidating sessions, etc. - Decoupled - We live in a society of SPAs and decoupling the front-end and back-end is the status quo.
As shown in the diagram below there are three main players in this example, the API, the Authentication Sever, and the Client. So, to begin fork or clone this repository. It would be ideal to setup the authentication server and the API in virtual environments.
-
cd authentication_serverthen,pip install -r requirements.txt python server.py
-
cd api, then,pip install -r requirements.txt python run.py
-
cd app, then,npm install - To run,
npm run dev - Server should be running at
localhost:3000
There are only two users currently set up for this contrived example and they are hardcoded into the authentication server, as you can see below. Obviously in a real-world app these would be users inside a databse, or if using something like AWS roles that you have designated.
valid_user_1 = {'username': "test_user_1", 'password': 'Happy123'}
valid_user_2 = {'username': 'test_admin', 'password': 'LessHappy123'}