In the process of revamping an old (classic) PHP application into a modern Single Page Application, I need to rewrite the authentication module.
This slide deck is my research on common questions and knowledge about authentication:
- How did authentication work in the old PHP application?
- How did it handle expired users and keep active users connected?
- What are OAuth2 and OpenID?
- JWT
- What is 2-factor authentication, and how do you implement it?
The most important part is my refresh-token strategy. The "refresh token" automatically renews the tokens of active users so that they stay connected. I came up with a stateless refresh-token strategy so that nothing needs to be stored or tracked on the server side (you can go straight to slide 14).
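To make the "stateless" idea concrete, here is an added example of a refresh-token flow that keeps no server-side record of issued tokens. It is illustration code written for this page, not the slide deck's own implementation: the token format (a base64url JSON claim set plus an HMAC-SHA256 tag), the claim names (`sub`, `typ`, `iat`, `exp`), the lifetimes, and the function names `login`, `refresh` and `verify` are all assumptions. The server only needs its signing key; a refresh request is honoured if the token's signature checks out, it has not expired, and it is actually a refresh token rather than an access token.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; in practice load it from configuration, never hard-code it.
SECRET = b"constructed-demo-secret-do-not-reuse"
ACCESS_TTL = 15 * 60            # seconds an access token stays valid (assumption)
REFRESH_TTL = 7 * 24 * 3600     # seconds a refresh token stays valid (assumption)


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).digest()


def mint(user_id: str, kind: str, ttl: int, now: int) -> str:
    """Build '<base64url claims>.<base64url HMAC tag>' for the given token kind."""
    claims = {"sub": user_id, "typ": kind, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    return body + "." + _b64(_sign(body.encode()))


def verify(token: str, expected_kind: str, now: int):
    """Return the claims if the token is authentic, unexpired and of the expected
    kind; otherwise None. No lookup is needed: the HMAC tag is the only evidence."""
    try:
        body, sig = token.split(".")
        tag = _unb64(sig)
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(_sign(body.encode()), tag):
        return None
    # Rejecting the wrong 'typ' stops an access token being replayed as a refresh token.
    if claims.get("typ") != expected_kind or claims.get("exp", 0) <= now:
        return None
    return claims


def login(user_id: str, now=None) -> dict:
    """Issue a fresh access/refresh pair (what a successful password login returns)."""
    now = int(time.time() if now is None else now)
    return {
        "access": mint(user_id, "access", ACCESS_TTL, now),
        "refresh": mint(user_id, "refresh", REFRESH_TTL, now),
    }


def refresh(refresh_token: str, now=None):
    """Exchange a valid refresh token for a new pair, so an active user stays
    connected; returns None when the token is forged, expired or the wrong kind."""
    now = int(time.time() if now is None else now)
    claims = verify(refresh_token, "refresh", now)
    if claims is None:
        return None
    return login(claims["sub"], now)


if __name__ == "__main__":
    pair = login("alice")
    print("access claims :", verify(pair["access"], "access", int(time.time())))
    print("renewed pair  :", refresh(pair["refresh"]) is not None)
```

The trade-off a defender should keep in mind: because the server remembers nothing, a refresh token that leaks stays usable until its `exp` passes, and the only way to cut everyone off early is to rotate `SECRET`. Short refresh lifetimes and issuing a new refresh token on every exchange (as `refresh` does here) limit that window without reintroducing server-side state.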