Introduction

In the previous chapter of this series you learned how to work with relational data in. You created a model and added a one-to-many relationship between and model. You also implemented the model's endpoints. In this chapter you will learn how to add authentication to a client using a package called . First you will implement authentication based on a library called . Next you will secure the passwords stored in the database by using a library to hash them.

In this tutorial you will use the one built in the previous chapter. A development environment is required to follow this tutorial. Installed and. If you are using make sure your version is or higher. You can check your version by running in terminal. Optionally install extensions.
The extension adds some really nice syntax highlighting. such as and to run the commands provided in this series. If you don't have a computer, for example, you can still follow the instructions, but you may need to modify the commands for your computer.

[Figures: Clone repository endpoint; Endpoint gives authentication in response; Authentication workflow in protected endpoint]

Hashing Passwords

Currently this field is stored in plain text. This is a security risk: if the database is compromised, all passwords are compromised with it. To solve this problem you can hash the password before storing it in the database. You can hash passwords using a cryptographic library. Install it:

First you will update the and method in to hash the password before storing it in the database:

This function accepts two parameters: the input string to the hash function and the number of hashing rounds, also known as the cost factor. Increasing the number of hashing rounds increases the time required to calculate the hash.
There is a trade-off between security and performance here. The more hashing rounds, the longer it takes to calculate the hash value, which helps prevent brute-force attacks. However, more rounds of hashing also means more time spent calculating hashes when a user logs in. This Stack Overflow answer has a good discussion of this topic. Another technique, called salting, is also applied automatically by the library to make the hash harder to brute force. Salting adds a random string of characters to an input string before hashing it. This way an attacker cannot use a precomputed hash table to crack passwords, because each password has a different salt value. You will also need to update the database seed script to hash the password before inserting it into the .