Please advise me on my own authentication methods.... #1272
Unanswered
NewUniverseEntrop asked this question in Help
Replies: 0 comments
Hello, I want to implement my own authentication before using this library.....
Any advice would be awesome...
CreateUser: no security measure
login: check the user's password with bcrypt, then generate a CSRF token and store the token in an HttpOnly, SameSite cookie with some user data. Store the CSRF token in localStorage so we can get it from the client side. The cookie is signed with a secret using some library similar to next-iron-session.
requests: all private GET/POST requests will have the client-side CSRF token sent with them, and it is compared with the token in the cookie. I do not generate a new CSRF token ... idk if it is needed.
logout: delete all cookies and tokens.
....
I know that this process does not prevent login CSRF attacks, which I do not really think is a big issue, but I could prevent it by adding a public CSRF token once the user visits the site and comparing it with the cookie when the user tries to sign in ....
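The login and request steps described in the post above, as an added example (not the poster's code and not from the library under discussion). It assumes the bcrypt check has already passed, swaps in plain HMAC-SHA256 from Node's `crypto` module for the next-iron-session-like signing library, and uses hypothetical names (`SECRET`, `issueSession`, `checkRequest`, `safeEqual`).

```javascript
// Added example; all names and the secret below are constructed for illustration.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto'); // fallback when run as an ES module

// Assumption: a server-side secret. Random per process here; a real deployment
// would load a stable secret from configuration.
const SECRET = nodeCrypto.randomBytes(32);

const b64 = (data) => Buffer.from(data).toString('base64url');
const mac = (data) => nodeCrypto.createHmac('sha256', SECRET).update(data).digest();

// Login step (after the password check): build the signed cookie value that
// carries user data plus the CSRF token, and return the token for the client.
function issueSession(userId) {
  const csrf = b64(nodeCrypto.randomBytes(32));
  const payload = b64(JSON.stringify({ userId, csrf }));
  return { cookie: `${payload}.${b64(mac(payload))}`, csrf };
}

// Constant-time string comparison that also handles unequal lengths.
function safeEqual(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// Request step: verify the cookie signature first, then compare the token
// inside the cookie with the token the client sent. Returns the session or null.
function checkRequest(cookie, clientToken) {
  if (typeof cookie !== 'string' || typeof clientToken !== 'string') return null;
  const [payload, sig, ...rest] = cookie.split('.');
  if (!payload || !sig || rest.length) return null;
  if (!safeEqual(sig, b64(mac(payload)))) return null; // unsigned or modified cookie
  let session;
  try {
    session = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch {
    return null;
  }
  if (!session || typeof session.csrf !== 'string') return null;
  return safeEqual(session.csrf, clientToken) ? session : null;
}
```
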