Advanced

Authentication and Authorization in React

AuthN vs AuthZ, the BFF pattern, cookie auth, OIDC/OAuth2, JWTs and RBAC in React.

Authentication is the process of verifying a user's identity. In real life, a hotel asks for a passport: the document contains claims (name, address, date of birth) and is issued by a trusted authority. In an application, the password plays the role of the passport.

Authorization determines what an authenticated user is allowed to do. At the hotel, the key card grants access to certain areas (your room, the pool) but not all. In an application, access to features is restricted based on the user's claims.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

19 sections
  1. 1 Table of Contents
  2. 2 Core Concepts: AuthN vs AuthZ
  3. 3 Why the Browser Cannot Keep Secrets
  4. 4 BFF: Backend for Frontend
  5. 5 Cookie Authentication
  6. 6 Same-Site Cookies and CSRF Protection
  7. 7 Deployment and Reverse Proxy
  8. 8 OpenID Connect and OAuth2
  9. 9 Authentication Flows
  10. 10 Anatomy of a JWT
  11. 11 Calls to an External API
  12. 12 BFF Styles
  13. 13 Authorization in React
  14. 14 Authorization Data: Approaches
  15. 15 RBAC with a Centralized Authorization API
  16. 16 Flow Diagrams
  17. 17 React Code Snippets
  18. 18 Reference Tables
  19. 19 Best Practices and Key Takeaways

Interested in this course?

Contact us to book it or get a custom training plan for your team.