Merge pull request #41 from HackYourFuture/authentication-section

Added authentication section

_sidebar.md

@@ -70,6 +70,10 @@
   - [Setting up a Project](/node-js/setting-up-a-project.md)
   - [DRY, modular server](/node-js/dry-modular-server.md)
   - [Consuming API's](/node-js/consuming-apis.md)
+  - [Authentication](/node-js/authentication.md)
+    - [Registering new users](/node-js/user-registration.md.md)
+    - [Session management](/node-js/session-management.md)
+    - [JWT Tokens](/node-js/jwt-tokens.md)
   - [Templating](/node-js/templating.md)
 - [Databases](/databases/README.md)
   - [SQL](/databases/sql/README.md)

node-js/authentication.md

@@ -0,0 +1,25 @@
+# Authentication
+
+Authentication is the process of verifying the identity of a user, process, or device, to granting access to resources in a system. This process is critical for the security and privacy when multiple users share the same resource. 
+
+For example, when we want to withdraw cash from an ATM machine, we authenticate with our bank card and a 4 digit PIN code. After the authentication, we are entering a special screen that is personal for our bank account and we can only perform actions for that account. Because many users use the same ATM, it is important for such authentication to exist and work well. A failed authentication system may cause security breaches. For example, when a user is allowed to withdraw money from a different bank account. 
+
+Authentication systems are complicated and being researched by many scholars and companies. In this section, we will provide you with the basics on how to implement authentication in your NodeJS application.
+
+
+## Authentication vs Authorization
+While Authentication allows us to verify the identity of a user, Authorization allows us to tell what resources this user is allowed to access to. 
+
+For example, a user can be successfully authenticated by providing the correct username and password combination but with no access to the system. In this scenario, the user successfully passed the authentication process but still got rejected from using the system due to the lack of permissions.
+
+In conclustion, authentication checks **who you are** and authorization checks **what are you allowed to do**.
+
+
+## Types of authentication
+
+There are many ways of implementing authentication:
+
+* Password authentication (ex: email / password combination)
+* Biometric authentication (ex: fingerprints, face scan)
+* Certificate based authentication
+* Hardware based authentication (ex: smart cards, NFC)

node-js/jwt-tokens.md

@@ -0,0 +1,8 @@
+# JWT Tokens
+
+Under construction...
+
+The following video provides a great explanation on what is s JWT token and how it looks like.
+
+{% youtube src="https://www.youtube.com/watch?v=7Q17ubqLfaM" %}{% endyoutube %}
+

node-js/session-management.md

@@ -0,0 +1,2 @@
+# Session management
+Under construction...

node-js/user-registration.md

@@ -0,0 +1,11 @@
+# User Registration
+
+If we would like to build a multi-user application, it is essential to store and track a list of all the allowed users to the application. In addition, we should also implement authentication and authorization.
+* Authentication system will prevent users to impersonate and make actions as other users.
+* Authorization system will prevent users from accessing resources that they are not allowed to be accessed.
+
+## Registration implementation
+
+In order to track the list of users, we often use a `user database`. This database will securely keep all the information about every user that is required for our application. This often includes the authentication credentials such as password.
+
+Explain the topic in detail including images, snippets, videos, ... whatever helps make things clear.