Hi there.
I am a junior developer wanting to learn back-end development, as I am coming from frontend. I have been learning (through reading and sometimes enrolling in courses) about various concepts at a surface level, but have never actually implemented any.
I am now learning about Authentication and Authorization. I know some basics, like that I have to hash passwords with bcrypt and use JWT for authorization so that I don't have to store anything on the server (like the old-fashioned way), but I don't know how to actually implement the system. Now that I have heard the term "refreshing token", it seems like there's too much information and I don't know where to start.
This is why I want to ask these three questions:
- Where can I learn how to implement Authentication and Authorization (and their best practices)? Although my English is not perfect, I am willing to read, but I don’t know where to start.
- Is there any standard I need to focus on complying with? I have heard about OWASP, but I am not sure if this is the only standard I need to comply with.
- Do juniors (especially first-jobbers) need to know these things? Or do developers learn them after they have been working for a few years?
Please enlighten me.
My current tools: JavaScript/TypeScript (Node.js, Express.js, React.js, Next.js), MongoDB, SQL