Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

auth-component

Package Overview
Dependencies
Maintainers
1
Versions
35
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

auth-component

An Authenication Component for DoneJS

  • 0.1.3
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
2
decreased by-80%
Maintainers
1
Weekly downloads
 
Created
Source

auth-component

A Collection of Authentication Tools for DoneJS.

The <token-auth> component

The token-auth component makes it easy to implement JWT-based authentication for your application.

<token-auth {^auth}="session"
    key-location="authToken"
    login-endpoint="http://localhost:8080/login"
    username-field="email"
    {(loading)}="loading"
    remember-me >
</token-auth>

Available attributes include

  • key-location - The name of the location where the token will be stored in either SessionStorage or LocalStorage.
  • login-endpoint - The url used to POST login data.
  • username-field - used customize what parameter is sent to the server. default is username.
  • remember-me - Determines the longevity of the stored token. If enabled, the token will be stored in LocalStorage instead of SessionStorage.

The token-auth component includes a loading indicator and a basic login form that overlay your application. Future improvements will allow you to customize the template.

token-auth component

The <session-auth> component

Coming in a future release.

Which type of authentication should I use?

JWT auth, when executed correctly, is superior to cookie/session auth in a couple of potentially big ways:

  • It's more secure. Due to the way that browsers were designed to handle cookies, they are vulnerable to XSS attacks. By not using cookies, these cookie-based attacks can be avoided.
  • It's more efficient. Many cookie/session auth implementations require more communication with a database server to retrieve user data for the verification process. JWT tokens store that data inside the encrypted token, which eliminates the extra round trip to the database.

One caveat to using token auth is that DoneJS's server-side rendering will not have access to the token. This limits the server-side rendered parts of your app to information that is publicly available. Your templates will still be able to be rendered on the server. Any user-specific data will need to be requested by the browser.

Security

This information isn't a comprehensive guide to security, but hopefully can be helpful in helping you to secure your application. If is other information that you think should be included here, please open an issue or submit a PR.

If you see room for improvement in any of the provided modules, whether in features or in security improvements, please help out the community by opening issues or submitting a PR.

Keywords

FAQs

Package last updated on 19 Nov 2015

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc