Extending our server
- https://bitbucket.org/magicchicken/webgameserver/src
- Adding new dependencies to package.json:
- "ejs" - for rendering views
- "passport"
- "passport-local"
- "passport-google"
- "passport-facebook"
- "passport-twitter"
- Adding cookie and session support to our Express server
- Adding new views; pages we fill out with code and that the user will see
- layout.ejs - automatically used by the view rendering engine
- login.ejs - Lets you choose which service to log in with
- index.ejs - home page, links you to either the login page or lets you log out
- account.js - must be authenticated to view
- Basically, a combination of several Passport examples linked below!
Sidenote: About Views
Choosing an authentication module for Express
- We could use any other third-party authentication library: everyauth, passport, faceplate, connect-auth, etc.
- I'm going with Passport, which is an authentication framework for Connect and Express. It is extensible through "plugins" known as strategies.
- Why? Because it supports a variety of third-party services and the docs/examples looked good.
- Feel free to research and use whatever fits your style/needs.
- The book uses Faceplate in Chapter 20, which might be handy as a guide.
Authentication overview
- In a typical web application, the credentials used to authenticate a user will only be transmitted during the login request.
- If authentication succeeds, a session will be established and maintained via a cookie set in the user's browser.
- If authentication fails, we don't let the user go to any protected pages.
Authentication with Passport
- http://passportjs.org/guide/
- Passport supports a whole bunch of third-party services that are out there: Google, Facebook, Twitter, Netflix, GitHub, BitBucket, AOL, Yahoo, etc.
- You can also just use basic Username and Password, managed locally.
- For each one you need to configure the middleware and set up the routes.
User Storage
- req.user
- Persistent sessions by serializing the authenticated user to the session.
- passport.authenticate() invokes req.login(), which assigns the user to req.user
- Invoking /logout will remove the req.user property and clear the login session
Authenticating a User
- Authenticating requests is as simple as calling passport.authenticate() and specifying which strategy to employ.
- Before asking Passport to authenticate a request, the strategy (or strategies) used by an application must be configured.
Facebook authentication
- Guide: http://passportjs.org/guide/facebook/
- Example: https://github.com/jaredhanson/passport-facebook
- Requires that you have a Facebook account
- Create a Facebook app using the Developers page
- https://developers.facebook.com/apps
- Set up the App Domain and Website with Facebook Login to support localhost testing (see chapter 20, page 389)
Google authentication
- Guide: http://passportjs.org/guide/google/
- Example: https://github.com/jaredhanson/passport-google
- pretty easy
- doesn't seem to have user.id or user.username
Twitter authentication
Local authentication
- username and password are specific to your site
- Need to have storage for them on your own database
- More security concerns managing information on your own site
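The flow described under Authentication overview, User Storage and Local authentication, as an added example that is not code from the course server or from Passport. It uses only Node's crypto module; the function names, the in-memory Maps and the `sid` cookie name are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const users = new Map();    // username -> { id, username, salt, hash } (stand-in for a database)
const sessions = new Map(); // session id -> { userId } (stand-in for a session store)

// Store a salted scrypt hash, never the password itself.
function register(id, username, password) {
  const salt = crypto.randomBytes(16);
  users.set(username, { id, username, salt, hash: crypto.scryptSync(password, salt, 32) });
}

// Credentials are checked only here, at login. On success the session holds
// just the serialized user id and the browser gets an opaque session cookie.
function login(username, password) {
  const user = users.get(username);
  // Hash even when the user is unknown so both failures take similar time.
  const salt = user ? user.salt : Buffer.alloc(16);
  const candidate = crypto.scryptSync(password, salt, 32);
  if (!user || !crypto.timingSafeEqual(candidate, user.hash)) return null;
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { userId: user.id });
  return `sid=${sid}; HttpOnly; SameSite=Lax; Path=/`; // add Secure when served over HTTPS
}

// Pull the session id out of a Cookie header; anything malformed is ignored.
function sidOf(cookieHeader) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  return m ? m[1] : null;
}

// Every later request: cookie -> session -> user record (what ends up in req.user).
function userFromCookie(cookieHeader) {
  const session = sessions.get(sidOf(cookieHeader));
  if (!session) return null;
  for (const u of users.values()) if (u.id === session.userId) return u;
  return null;
}

// Guard for protected pages such as the account view.
function ensureAuthenticated(req) {
  req.user = userFromCookie(req.headers.cookie);
  return req.user ? 200 : 302; // 302 = redirect to the login page
}

// Logout drops the server-side session, so the old cookie stops working.
function logout(cookieHeader) {
  return sessions.delete(sidOf(cookieHeader));
}
```

The password crosses the wire once; afterwards only the random session id does, and deleting the server-side entry is what makes logout effective even if the browser keeps the cookie.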
Others?
- CSS buttons for various sites: http://zocial.smcllns.com/sample.html
Homework
- Add user authentication to your server application that at least works with local testing
- Can you get it working on Heroku?
Next Week
- Authentication while running online through Heroku.
- Persistent session - Storing our session data in our database or with cookies, so the user can stay logged in between sessions.
- Associate our authenticated user account with a user record in our database.
- Associating game data with our user accounts (score, total kills, total deaths, achievements unlocked).
- Updating our user data from our game.