![\"book-a-demo-loginradius\"](\"/8fce571f703a5970dbb1359a2fe0e51a/book-a-demo-loginradius.webp\")
Marketers are no longer in the business of attracting customers; they're responsible for keeping them engaged. That shift has led to a new role in marketing — user authentication.
\nAuthentication is the process of confirming the identity of a user. In the digital world, it's used to verify that someone is who they say they are and that their information is accurate.
\nIt's an important responsibility because it helps marketers protect their brands from fraud and abuse. From phishing scams to fake reviews, there are many ways scammers try to game the system to steal money or reputations.
\nUser authentication is the process of verifying that a user is who they claim to be.
\nAuthentication is the most important security feature any application can have because it's the gateway through which users interact with your data. Without proper authentication, an attacker could impersonate your users and access sensitive information or perform unauthorised actions on their behalf.
\nMoreover, authentication is often confused with authorization, which determines whether a user has the right to perform an action on a resource. That's why it's best to think of authentication as \"proving you are who you say you are\" and authorisation as \"determining what actions can be performed.\"
\nThis distinction is important because some authentication mechanisms provide very strong guarantees about who can perform certain actions, while others only provide weaker guarantees about behaviour over time. For example, someone who knows your password may be able to access your account now but not later; however, someone who has been issued an RSA token or a biometric fingerprint reader will always be able to access your account until they lose possession of their device or their fingerprint changes significantly enough that their device no longer recognizes them.
\nAuthentication is important in marketing because it helps to ensure that only real users get access to your content and products. If you allow anonymous access to your website or application, then anyone could be a potential customer of your product. However, only those who have registered themselves with you can access your content and services if you use authentication.
\nAuthentication helps marketers in many ways:
\nUser authentication is the process of collecting information about a user's identity to verify that they are who they claim to be. By authenticating users, you can ensure that only authorized users have access to your website or platform. This helps protect your site from fraud, abuse, and other security issues that might arise if it were not securely protected.
\nA Good Read: 5 Ways to Improve Your Customer Verification Process
\nUser authentication allows marketers to better understand who their customers are and what they want. This can help improve the overall customer experience. For example, if you’re an online retailer, it would be helpful to know if a person has purchased from your site before or not so that you can tailor their experience accordingly.
\nWhen prospective customers see that you're taking steps to verify their identities before doing business with them, it sends a signal that you're serious about security and privacy — which can build trust among potential buyers who might otherwise be wary of providing personal information to an unknown entity online.
\nAuthentication tools can help boost conversion rates by reducing the number of duplicate account registrations and false positives. When a user enters their email address or phone number, they'll receive a confirmation code via text or email to verify that they're not registering multiple accounts with the same information. This helps reduce abandoned shopping carts and returns while also increasing conversions.
\nThe best part? You don't need to build any additional forms or create new pages on your site — you can just add a login box and ask people to log in before they give you their feedback. Using user authentication in this way is particularly useful if you're looking for feedback on something specific, like an upcoming product launch or a new feature that's not yet available publicly.
\nCustomer retention is one of the biggest challenges in the industry today. Customers are constantly being bombarded by new products, offers, and promotions. It’s difficult to keep them engaged and coming back to your brand.
\nUser authentication allows marketers to improve customer retention by offering them a more personalized experience. By leveraging user authentication, marketers can tailor their marketing efforts toward their existing customers.
\nBy identifying their users' preferences, marketers can create personalized content that resonates with them based on their previous actions on the site. For example, if someone has visited a certain page before and viewed a certain product, they will likely be interested in related products as well. With this information at hand, it's easier for brands to cater to individual needs by showing them relevant content and products over time that align with their interests.
\nBy improving content personalization and increasing customer satisfaction, marketers can generate more revenue through repeat purchases and referrals from happy customers!
\nAs the world becomes more connected, users have become increasingly more aware of their digital privacy. In fact, according to a recent study from Google and Ipsos, 70% of Americans are concerned about their online privacy.
\nMarketers need to strike a balance between user security and experience when it comes to user privacy. That means providing security services that won't frustrate customers who want to get the most out of their devices and applications.
\n
We’re in an era where rich customer experiences backed with robust identity security is all that user need from businesses. And the same is expected from private sector organizations.
\nHowever, when we talk about citizens’ experience and security, most government and public sector organizations seem impotent to match the level of security and usability.
\nHence, issues about identity management in the government sector linger on that can severely impact citizens’ privacy and information security.
\nSo, what can be the ideal solution to ensure robust identity security without hampering user experience in the public sector?
\nHere’s where the crucial role of identity management comes into play!
\nIdentity management has been a game-changer for enterprises for decades as it helps businesses succeed by ensuring the highest level of security and great user experience.
\nLet’s understand the aspects of leveraging identity management through a reliable customer identity and access management (CIAM) platform for fixing security and usability issues in the public sector.
\nWith population growth and expanding public services, cities must be innovative about providing services to all people without compromising service quality. There is a need for a single platform where all facilities are centralized and customer experience is considered.
\nIdentity management in the government sector is a great way to get started as it can prove a citizen’s identity through diverse government channels without compromising user experience.
\nAs the government invokes the potential of secure digital identities, citizens would access core services and resources without hassle.
\nMoreover, every citizen requires some kind of public service, so securely handling a unique number of identities becomes a tough nut to crack for the government. Here’s where the need for digital identity management comes into play.
\nA smart CIAM (consumer identity and access management) solution like LoginRadius helps public sector organizations manage multiple identities efficiently without hampering user experience.
\nLet’s learn how a CIAM solution like LoginRadius can deliver a flawless digital experience to civilians that pushes overall development reinforced by adequate security.
\n![\"cities-ds\"](\"/55959ff493abbf65ed9d121f735b3b97/cities-ds.webp\")
Invoking the true potential of identity management in the government sector can improve citizens’ experience and eventually play a significant role in reinforcing security.
\nLet’s understand how an identity management system like LoginRadius CIAM helps improve the overall security and privacy of citizens:
\nAuthentication in the public sector is crucial, which eventually requires a robust mechanism to ensure user identities remain secured.
\nLoginRadius offers multi-factor authentication through SMS, automated phone calls, email, security questions, and authenticator apps, allowing you to customize the user experience.
\nDepending on the diverse public sector needs, you can also opt to turn on multi-factor authentication across all customer accounts.
\nOn the other hand, LoginRadius’ risk-based authentication is a non-static authentication system that considers the profile (IP address, browser, physical location, and so on) of a consumer requesting access to the system to determine the risk profile associated with that action.
\nThe risk-based implementation allows diverse web applications to challenge users for additional credentials only when the risk level is appropriate.
\nPasswords can easily be guessed or compromised, especially in the case of elderly individuals who aren’t habitual of maintaining different passwords for different accounts.
\nHence, the chances of account takeovers and compromised identities increase exponentially for elderly individuals.
\nWith passwordless login, you can create a completely frictionless registration and authentication process for citizens, freeing them from the hassle of remembering yet another password.
\nUser-controlled passwords are vulnerable to phishing, credential stuffing, brute force attacks, corporate account takeover (CATO), and more.
\nSo, when there is no password to hack in the first place, those vulnerabilities will automatically decrease.
\nPasswordless Login uses the same global security standards as password-based logins, plus advanced features for added security.
\nWhen it comes to customer identity security and user experience, global brands are already leveraging CIAM solutions to thrive in business success.
\nAnd the public sector and government organizations shouldn’t delay a bit in adopting a reliable identity management system that can ensure robust security for citizens’ crucial information.
\nIdentity management in the government sector can also help resolve issues related to bad user experience.
\n
It is essential to protect your APIs for a secure experience, and JSON Web Token (JWT) authentication allows you to protect your APIs so that an unauthorized person will not have access.
\nThis is a hands-on tutorial to follow. To get the most out of it, ensure you have:
\nDeno is developed in Rust. It is a modern runtime environment for JavaScript/TypeScript and a WebAssembly that uses the Google V8 engine. It is simple and safe. It implements web platform standards and provides web platform capabilities.
\nDeno’s features are intended to enhance Node.js’s capabilities. It’s secure by default, with no access to files, networks, or the environment except explicitly enabled. And it supports both JavaScript and TypeScript out of the box.
\nDeno is a well-thought-out modular system. Apart from its simplicity and high security, there are so many other reasons to use Deno:
\nJSON Web Token, popularly called JWT, is an open standard that offers a concise and self-contained method for securely transferring data between parties as a JSON object. It holds information in an easy-to-access format for developers and computers; the token's compact size makes it simple to send through URL, POST parameter, or HTTP header. It allows two parties — a client and a server — to share information securely. A secret or public/private key pair is used to digitally sign the information in a JWT.
\nAuthentication is the primary use of JWT. It is assigned to a user after they sign in to an application, and with the assigned JWT, a user can request other routes.
\nWithout too many shenanigans, let's start by installing Deno!
\nDeno installation in Windows isn't as smooth sailing as on Mac or Linux. Unlike in Node.js, where you run a command on your terminal, Deno in Windows can be installed using PowerShell, Scoop (a command-line installer), or Chocolatey (a package manager). Click here for the guide on how to install Deno.
\nTo install Deno with PowerShell, open your PowerShell and run the following command:
\niwr https://deno.land/x/install/install.ps1 -useb | iexRelax while Deno is being installed. When completed, exit PowerShell and close and reopen a terminal. The new PATH is activated by closing and reopening the terminal. Now that you have installed Deno, let's check the version of Deno.
\nTo check the version of your installed Deno, run: deno -V
With installation out of the way, let us set up your project. Create a folder DenoAPI_JWT_Auth; you can call it any name you choose. Create an app.ts file and a folder src in your folder.
Inside your src folder, create the following folders: controllers, database, middlewares, routes, schema, and utils.
Your project directory should look as follows:
\nDenoAPI_JWT_Auth
│\n└─src
\n│ └───controllers
\n│ │\n│ └───database
\n│ │\n│ └───middlewares
\n│ │\n│ └───routes
\n│ │\n│ └───schema
\n│ │\n│ └───utils
\n└─app.ts
Next is to create your Oak server. Oak is a Deno middleware system that provides a router middleware for HTTP servers.
\nGo to app.ts, import Application from the Deno Oak URL, create an instance of the application, define your port, and call a middleware, as follows.
app.ts
import { Application } from "https://deno.land/x/oak/mod.ts";\n\nconst app = new Application();\nconst PORT = 8080;\n\n app.use((ctx, next) => {\n ctx.response.body = 'Welcome';\n next();\n });\n\nconsole.log(`Application is listening on port: ${PORT}`);\n\nawait app.listen({port:PORT});Let's quickly run your server: to run the server, use deno run --allow-net app.ts
Deno will always request permission to use your network. --allow-net gives Deno permission to all network calls.
You should see Application is listening on port: 8080
Now, in your routes folder, create a file called allRoutes.ts, and set up your router by importing Router from the oak URL, then create an instance of the router and export the default router.
routes.allRoutes.ts
import { Router } from "https://deno.land/x/oak/mod.ts";\n\nconst router = new Router();\n\nexport default router;Moving on, you need to modify app.ts. So, go to app.ts and import the router. Let the app use router.routes() and router.allowedMethods() methods, then remove the middleware, so it doesn't overshadow the imported routes. The allowedMethods() tells Deno to include all routes by your router.
app.ts
import { Application } from "https://deno.land/x/oak/mod.ts";\nimport router from "./src/routes/allRoutes.ts";\n\nconst app = new Application();\nconst PORT = 8080;\n\napp.use(router.routes());\napp.use(router.allowedMethods());\n\nconsole.log(`Application is listening on port: ${PORT}`);\n\nawait app.listen({port:PORT});You can rerun your app with the same command: deno run --allow-net app.ts
Now, you need to create user data. But before that, let's connect your application to the MongoDB database.
\ndatabase folderconnectBD.tsdatabase.connectDB.ts
import { MongoClient } from "https://deno.land/x/mongo@v0.30.0/mod.ts";\n\n // Connecting to a Mongo Database\n const client = new MongoClient();\n \n const dbString = "DB_String"\n\n await client.connect(dbString)\n \n console.log("Database connected!");\n \n const db = client.database("deno_auth");\n\n export default db;\n With that out of the way, let's create an interface for your database.
\nIn your schema folder, create a file user.ts, import objectId from deno MongoDB URL, then define and export your schema.
schema.user.ts
import {ObjectId} from "https://deno.land/x/mongo@v0.30.0/mod.ts";\n\nexport interface UserSchema {\n _id: ObjectId;\n username: string;\n password: string;\n }Let's play with some logic: go to your controllers folder, and create a file called users.ts. In the file, import your database and UserSchema.
It's not a good practice to store your password in plain text for security reasons. To has your password, let's import bcrypt from the deno bcrypt URL.
\nSo, create a function called signup that takes username and password. Take the user details from the request body, hash the password, and save them to your database.
controllers.users.ts
import db from "../database/connectBD.ts";\nimport * as bcrypt from "https://deno.land/x/bcrypt/mod.ts";\nimport { UserSchema } from "../schema/user.ts";\n\nconst Users = db.collection<UserSchema>("users");\n\nexport const signup = async({request, response}:{request:any;response:any}) => {\n const {username, password} = await request.body().value;\n const salt = await bcrypt.genSalt(8);\n const hashedPassword = await bcrypt.hash(password, salt);\n\n const _id = await Users.insertOne({\n username,\n password:hashedPassword\n });\n response.status =201;\n response.body = {message: "User created", userId:_id, user:username}\n \n};Now, head over to allRoutes.ts in your routes folder, import the signup function from the controller, and create a POST route for signup, as follows.
routes.allRoutes.ts
import { Router } from "https://deno.land/x/oak/mod.ts";\nimport {signup} from "../controllers/users.ts";\n\nconst router = new Router();\n\n//User routes\nrouter.post("/api/signup", signup)\n\nexport default router;Next, create an authentication route that authenticates your user route. The latest version of Deno does not allow a string as a secret key but accepts a cryptokey generated from a Web Crypto API with the generatekey() method of the SubtleCrypto interface.
So, head over to your utils folder, create a file called apiKey.ts, and in the file, generate your key and export it, as follows.
utils.apiKey.ts
export const key = await crypto.subtle.generateKey(\n { name: "HMAC", hash: "SHA-512" },\n true,\n ["sign", "verify"],\n );Now that you have successfully created your key, you can create a user authentication route so that every user that logs in will get authenticated.
\nHead over to user.ts in your controller, import the API key, create a signin function, and write some validation logic to validate that the user exists in your database. If validation is successful, you create a token to authenticate the user.
Now, let's import Deno JWT (djwt) create function from the URL to create a token. When a user logs in, take the id and username, pass the payload into the JWT create function, generate a token, and use the token to authenticate the user.
controllers.users.ts
import db from "../database/connectDB.ts";\nimport * as bcrypt from "https://deno.land/x/bcrypt/mod.ts";\nimport { UserSchema } from "../schema/user.ts";\nimport { create } from "https://deno.land/x/djwt@v2.4/mod.ts";\nimport { key } from "../utils/apiKey.ts";\n\nconst Users = db.collection<UserSchema>("users");\n\n //create a user\n export const signup = async({request, response}:{request:any;response:any}) => {\n const {username, password} = await request.body().value;\n const salt = await bcrypt.genSalt(8);\n const hashedPassword = await bcrypt.hash(password, salt);\n\n const _id = await Users.insertOne({\n username,\n password:hashedPassword\n });\n response.status =201;\n response.body = {message: "User created", userId:_id, user:username} \n};\n\n //sign in a user\n export const signin = async ({request, response}:{request:any; response:any}) => {\n\n const body = await request.body();\n const {username, password} = await body.value;\n\n const user = await Users.findOne({username});\n\n if(!user) {\n response.body = 404;\n response.body = {message: `user "${username}" not found`};\n return;\n }\n const confirmPassword = await bcrypt.compare(password, user.password);\n if(!confirmPassword){\n response.body = 404;\n response.body = {message: "Incorrect password"};\n return;\n }\n \n //authenticate a user\n const payload = {\n id: user._id,\n name: username\n };\n const jwt = await create({ alg: "HS512", typ: "JWT" }, { payload }, key);\n\n if(jwt) {\n response.status = 200;\n response.body = {\n userId: user._id,\n username: user.username,\n token: jwt,\n }\n } else {\n response.status = 500;\n response.body = {\n message: "internal server error"\n }\n }\n return;\n }So far, you have progressed well. The next thing is to import your signin function in the routes and create a post request for it, as follows.
routes.allRoutes.ts
import { Router } from "https://deno.land/x/oak/mod.ts";\nimport {signup, signin} from "../controllers/users.ts";\n\nconst router = new Router();\n\n//User routes\nrouter.post("/api/signup", signup)\n .post("/api/signin", signin);\n \n\nexport default router;Congratulations on making it this far! You are through with the authentication route. Now, you can register a user, sign in, and authenticate the user.
\nYou need to create your todo CRUD API and protect the routes so that a random person will not be able to access your route except when authenticated.
\nGo to your schema folder, and create a file task.ts. In the file, create your tasks interface and export it.
schema.task.ts
export interface TaskSchema {\n name: string;\n isCompleted: boolean;\n } After successfully creating the task interface, move to our controller, create a file tasks.ts, and import the database, schema, and object Id. Then write the logic for our todo CRUD API.
controllers.tasks.ts
import db from "../database/connectDB.ts";\nimport { TaskSchema } from "../schema/task.ts";\nimport {ObjectId} from "https://deno.land/x/mongo@v0.30.0/mod.ts";\n\nconst tasks = db.collection<TaskSchema>("tasks");\n\nexport const create = async({request, response}:{request:any;response:any}) => {\n const {name, isCompleted} = await request.body().value;\n\n const _id = await tasks.insertOne({\n name,\n isCompleted\n });\n response.body = {message: "Task created!!", id:_id, name:name, Completed:isCompleted}\n };\n\n export const getTasks = async ({response}:{response:any}) => {\n const allTasks = await tasks.find({}).toArray();\n\n response.status = 200;\n response.body = {tasks:allTasks};\n };\n\n export const getById = async ({\n params,\n response\n }:{\n params:{taskId:string};\n response:any;\n }) => {\n const taskId = params.taskId;\n const task = await tasks.findOne({_id:new ObjectId(taskId)});\n\n if(!task){\n response.body = {message: `no task with Id: ${taskId}`};\n return;\n}\n response.status = 200;\n response.body = {task: task}\n};\n\nexport const updateById = async ({\n params,\n request,\n response\n}:{\n params:{taskId:string};\n request:any;\n response:any;\n}) => {\n const taskId = params.taskId;\n const {name, isCompleted} = await request.body().value;\n const task = await tasks.updateOne({_id:new ObjectId(taskId)},\n {$set:{name:name, isCompleted:isCompleted}});\n\n response.status = 200;\n response.body = {message:"Updated task", task:task};\n};\n\nexport const deleteTask = async ({\n params,\n response,\n}:{\n params:{taskId:string};\n response:any;\n}) => {\n const taskId = params.taskId;\n const task = await tasks.deleteOne({_id:new ObjectId(taskId)});\n response.status = 200;\n response.body = {message:"Deleted task", task:task};\n};With that out of the way, you need to create your todo CRUD routes. So, head over to allRoutes.ts and import the CRUD functions from the task controllers, then create the routes for our todo, as follows.
routes.allRoutes.ts
import { Router } from "https://deno.land/x/oak/mod.ts";\nimport {signup, signin} from "../controllers/users.ts";\nimport {create, getTasks, getById, updateById, deleteTask} from "../controllers/tasks.ts";\n\nconst router = new Router();\n\n//User routes\nrouter.post("/api/signup", signup)\n .post("/api/signin", signin);\n\n//Task routes\nrouter.post("/api/tasks", create)\n .get("/api/tasks", getTasks)\n .get("/api/tasks/:taskId", getById)\n .patch("/api/tasks/:taskId", updateById)\n .delete("/api/tasks/:taskId", deleteTask);\n\nexport default router;You need to protect your todo routes so that an unauthorized person will not be able to access them.
\nTo protect the todo routes, go to your middlewares folder: create a file called isAuthorized.ts, import the verify function from deno JWT URL, import Context from deno, import the secret key you've created, and create the authorized function.
The authorize function checks if a user has a JWT token, grant the user access if he does, and deny him access if otherwise.
\nmiddlewares.isAuthorized.ts
import { verify } from "https://deno.land/x/djwt@v2.4/mod.ts";\nimport { key } from "../utils/apiKey.ts";\nimport { Context } from "https://deno.land/x/oak/mod.ts";\n\nexport const authourized = async (ctx: Context, next:any) => {\n try{ \n const headers: Headers = ctx.request.headers;\n const authorization = headers.get('Authorization');\n if(!authorization) {\n ctx.response.status = 401;\n return;\n }\n const jwt = authorization.split(' ')[1];\n\n if(!jwt) {\n ctx.response.status = 401;\n return;\n }\n const payload = await verify(jwt, key);\n\n if(!payload){\n throw new Error("!payload")\n }\n await next();\n \n } catch (error) {\n ctx.response.status = 401;\n ctx.response.body ={message: "You are not authorized to access this route"}\n return;\n }\n};To protect your todo routes, import the authorized middleware function from the isAuthorized.ts middleware file and pass the middleware into the todo routes to protect them from unauthorized people.
routes.allRoutes.ts
import { Router } from "https://deno.land/x/oak/mod.ts";\nimport {signup, signin} from "../controllers/users.ts";\nimport {create, getTasks, getById, updateById, deleteTask} from "../controllers/tasks.ts";\nimport { authourized } from "../middlewares/isAuthorized.ts";\n\nconst router = new Router();\n\n//User routes\nrouter.post("/api/signup", signup)\n .post("/api/signin", signin);\n\n//Task routes\nrouter.post("/api/tasks", authourized, create)\n .get("/api/tasks", authourized, getTasks)\n .get("/api/tasks/:taskId", authourized, getById)\n .patch("/api/tasks/:taskId", authourized, updateById)\n .delete("/api/tasks/:taskId", authourized, deleteTask);\n\nexport default router;Awesome! Your application is ready, but wait! Don't get too excited yet, relax let's test the application :)
\nBelow is what your final project directory looks like:
\nDenoAPI_JWT_Auth
│
\n└─src
\n│ └───controllers
\n│ │ └───users.ts
\n│ │ └───tasks.ts
\n│ │\n│ └───database
\n│ │ └───connectDB.ts
\n│ │
\n│ └───middlewares
\n│ │ └───isAuthorized.ts
\n│ │
\n│ └───routes
\n│ │ └───allRoutes.ts
\n│ │\n│ └───schema
\n│ │ └───user.ts
\n│ │ └───task.ts
\n│ │\n│ └───utils
\n│ │ └───apiKey.ts
\n│ │
\n└─app.ts
Now that your application is ready, you need to test the various routes to ensure they are working. To test the routes, rerun your server with deno run --allow-net app.ts.
![\"deno](\"/62ae9cc872cb4e6726bf38887a6f95f2/apk23wt.webp\")
Great! The app is running on port:8080. You can now head to the postman to test your routes.
\n![\"Sign](\"/2737369979374f3a18b07747fbc29495/d2orbz0.webp\")
![](\"/d122648378e66a04ba9f5ccea186d791/trydtxn.webp\")
![\"Signin](\"/6c3a13c7403199d459243429bd206718/fee5d0s.webp\")
![\"Signin](\"/76e7addc166b0dfbc834423b2f8c664f/wncqtya.webp\")
Amazing! Now that you have signed up and authenticated a user, the returned token, which shows that the user has been authenticated, can be used to access your todo CRUD APIs.
\nFirst, let's try accessing your todo routes without the token...
\n![\"Create](\"/ecc4bd696513d61205cf9a4330f631ed/0bohcxv.webp\")
![\"Create](\"/821f749c0ad4c42017623a3bce8034d2/q6eetmg.webp\")
As you can see, when you tried to create a task, you got a message You are not authorized to access this route because a random person did it without a token.
Now, let's also try accessing the delete by Id route without the token...
\n![\"Delete](\"/3c361eebddb2e01593ae8bbde40dbce6/ngozekb.webp\")
![\"Delete](\"/1490faa5e0338c8995b8f22555595236/cdkr6ad.webp\")
Your todo CRUD APIs have been protected, and the only way a user can access them is by getting authenticated. Now let's log in again and use the returned token to access the todo routes.
\n![\"Tasks\"](\"/540a044d27006d91a86d4db1928b0c73/ehp4zwf.webp\")
So, you have logged a user in and put the returned Bearer's token in the authorization header. You can access our todo APIs now because, with the bearer's token, you are authorized to access the todo APIs.
\n![\"Create](\"/ecc4bd696513d61205cf9a4330f631ed/y9ilrk9.webp\")
![\"Create](\"/0592e46a3e4261079c741e095e5a987e/nbiaskx.webp\")
![\"Get](\"/990cf69f38c62c2d8e240d8f30d49ef8/zosrr9u.webp\")
![\"Get](\"/12178b6a0d02f0b42eb81d6d4c8be97b/zxkgmsm.webp\")
![\"Get](\"/3c361eebddb2e01593ae8bbde40dbce6/hph0xmy.webp\")
![\"Get](\"/a1856e78c8c2916792aefec9834c48f7/get-task-by-id.webp\")
Feel free to test the other routes to see how things work.
\nIn this tutorial, you've built a todo CRUD API and protected the routes from unauthorized access using JSON Web Token (JWT). You have learned how to create an Oak server in Deno, connect MongoDB, implement JWT authentication, as well as create and authenticate CRUD routes in a Deno application.
\nThe code for this tutorial is available here on Github. Feel free to clone and extend the features of the application.
\n","frontmatter":{"date":"July 28, 2022","updated_date":null,"description":"In this hands-on tutorial, you'll learn from scratch how to implement JWT authentication for CRUD APIs in Deno.","title":"How to Implement JWT Authentication for CRUD APIs in Deno","tags":["JWT","Deno","Authentication"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/ecb7a333dd6ee8ea03a2f5cc6c9633c2/58556/jwt-authentication-with-deno.webp","srcSet":"/static/ecb7a333dd6ee8ea03a2f5cc6c9633c2/61e93/jwt-authentication-with-deno.webp 200w,\n/static/ecb7a333dd6ee8ea03a2f5cc6c9633c2/1f5c5/jwt-authentication-with-deno.webp 400w,\n/static/ecb7a333dd6ee8ea03a2f5cc6c9633c2/58556/jwt-authentication-with-deno.webp 800w,\n/static/ecb7a333dd6ee8ea03a2f5cc6c9633c2/99238/jwt-authentication-with-deno.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Ekekenta Odionyenfe Clinton","github":"icode247","avatar":null}}}},{"node":{"excerpt":"Introduction Amazon’s sub-par data management story about its retail platform, if anything, is a cautionary tale . The lapses in…","fields":{"slug":"/identity/data-privacy-immediate-enterprise-priority/"},"html":"Amazon’s sub-par data management story about its retail platform, if anything, is a cautionary tale . The lapses in understanding how and where data is stored had severely affected how information is managed and secured. In turn, it caused security shortfalls and unnecessary privileged access that rogue employees and sellers had exploited.
\nThe opinionated notion of thinking of data security and privacy programs as cost centers has to be questioned and rethought. While such programs do not seemingly contribute to the profits generated by an enterprise, the adverse effects on the topline when such programs fail are visible in too many examples, mostly in terms of lost consumer loyalty and revenue growth. Inversely, data privacy and security today are fundamental to building and operating a successful enterprise that is sustainable in the long term.
\nOverall, security and privacy are interdependent. Accordingly, enterprise leaders should support such programs as not something to be performed but a priority to be managed with appropriate investments of capital and resources.
\nAn enterprise’s good track record with information security and consumer-focused privacy management can heighten brand value and strengthen market positioning in the current business landscape. Consumers, who have significantly been affected by data breaches, are concerned about what data they share and with whom, as data — either personal or transactional — is ever becoming critical to how consumers live and businesses operate.
\nIn this new paradigm, the amount of data is also growing exponentially. This phenomenon is making the data management practices and technologies that was widely used a few years ago ineffective, necessitating enterprises to rethink data management strategies and deploy emerging technologies to prepare for and overcome challenges.
\nAll this implies that data management programs have to consider information security and consumer data privacy as fundamental to their success and contribute to an enterprise's topline.
\nBut, how can enterprise leaders navigate this paradigm shift?
\nIn my short yet insightful eBook on data privacy, enterprise leaders will get in-depth insights and much-needed perspectives on managing data security and privacy.
\n\nThe chapters are as follows:
\nIn detail, I have organized the eBook into chapters mentioned above in addition to an Executive Summary intended for senior executives for a brief overview.
\n
When we think of customer-centric marketing, we tend to imagine a brand with a website that’s easy to navigate and use, or a mobile app that is responsive and intuitive, or in-store displays that are informative and engaging.
\nBut what if there were an even more important aspect to consider? What if the way a company treats its customers on social media was as important as any other aspect of customer experience?
\nToday, retailers need to look beyond just the one aspect of their customer experience. They also need to think about:
\nThat's why customer-centric marketing is so important in this time of uncertainty—and why retailers should be focusing on it now.
\nIn this blog post, we'll dive into how retailers can truly make their customers happy by advocating customer-centric marketing.
\nWhen it comes to customer-centric marketing, you should always be thinking about how your brand fits into your customers' lives—and not just at the point of sale. Here are some tips to help you out!
\nYou need to start thinking about your customer's needs from a new perspective. For example, take into account how they want to be treated and what their goals are. Next, you need to figure out how to help them achieve those goals through your marketing campaigns.
\nThe rise of customer performance indicators (CPIs) is a game-changer for traditional marketing. While traditional KPIs are merely an indicator of whether a company is succeeding or failing, CPIs take a more holistic approach to understanding what customers want from their companies.
\nMoreso, CPIs help understand how customers use their products or services and make real-time adjustments based on those insights. They also allow companies to figure out the impact of their marketing efforts and make strategic decisions about how best to spend their limited resources.
\nOne of the most important things you can do to become customer-centric is invest in infrastructure that will help you serve your customers better.
\n![\"EB-omnichannel\"](\"/d5d452c185b8b02d0349db4bfacccd22/EB-omnichannel.webp\")
The most important thing to remember when designing an onboarding flow is to make sure that it's simple and easy. You don't want to confuse your new customers—or even frustrate them!
\nThe sign-up process is often the starting point for a seamless customer onboarding experience, and it's an area where businesses often fall short. Here's what you can do to make the process as seamless as possible.
\nThe key to customer-centric marketing is to optimize every customer touchpoint. Optimizing means making sure that the customers' experience with your business is as easy and pleasurable as possible.
\nIt doesn't mean that you have to be perfect at everything all the time. But it does mean that you need to think about how every single bit of your business affects the customer experience.
\nSo, here's what you can do:
\nA customer-centric approach to marketing means that businesses are no longer focused on the products and services themselves, but instead prefer to understand the needs and wants of their customers. And that’s exactly what you need to do to lead this era of customer-centric marketing.
\n
In a world where data breaches are becoming the new normal, businesses are exploring new ways to protect customer identities. At the same time, cybercriminals are finding new ways to sneak into a business network.
\nAlthough identity theft isn’t a new challenge that businesses face every day, the outburst of COVID-19 has increased the number of attacks that can’t be overlooked.
\nHence, securing customer information is becoming more challenging, especially in a remote-first working environment with a poor line of defense.
\nHowever, multi-factor authentication (MFA) and two-factor authentication have been safeguarding customer identities and sensitive information for a long time. And now it’s time for businesses to think about out-of-band-authentication (OOBA) to reinforce security.
\nOOB authentication is used as a part of multi-factor authentication (MFA) or 2FA that verifies the identity of a user from two different communications channels, ensuring robust security.
\nLet’s look at some aspects of OOBA and why businesses should put their best foot forward in adopting a stringent identity security mechanism in 2022 and beyond.
\nOut-of-band authentication refers to multi-factor authentication requiring a secondary verification mechanism through a different communication channel along with the conventional id and password.
\nCybersecurity experts recommend OOB authentication for high-security requirements where enterprises can’t compromise on consumer identity security and account takeover risks.
\nGenerally, OOB authentication is a part of MFA, requiring users to verify their identity through two communication channels. The goal is to offer maximum security for customers and businesses in high-risk scenarios.
\nNow let’s understand why OOB authentication is swiftly becoming the need for enterprises.
\nSince the COVID-19 pandemic has changed how organizations operate and offer access to their critical resources, cyber threats have substantially increased.
\nWhether we talk about loopholes in access management or frail lines of defense, businesses have faced losses worth millions in the past couple of years.
\nHence, a robust authentication mechanism is what every business organization needs. And OOB authentication fulfills their security requirements since it works on a dual means of verifying identity through different communication mechanisms.
\n![\"WP-MFA\"](\"/eaed1dffa739ed33c12fbdbc49242e7f/WP-MFA.webp\")
OOB authentication works on the principle of multi-factor authentication and ensures that business data and user information remains secure even if one line of defense is compromised.
\nLet’s learn this through a real-life example. Suppose you’re about to purchase your favorite stuff online and need to pay through internet banking.
\nYou’ve entered your user id and password for completing the transaction, and now the bank sends a one-time password (OTP) to your phone to complete the transaction. Once you provide the right combination of user id, password, and OTP, your order gets completed.
\nHowever, the essential thing you need to understand is that even if a cybercriminal has access to your user id or password, it cannot complete the transaction without the OTP, which is either sent to your smartphone or through email.
\nHence, the risks for account takeover and fraud are minimized up to a great extent with OOB as attackers couldn’t bypass multiple layers of authentication.
\nSome great examples of out-of-band (OOB) authentication include:
\nOut-of-Band Authentication (OOBA) offers several advantages that make it a popular choice for enhancing security in various applications. Firstly, OOBA adds an extra layer of protection by leveraging different communication channels for authentication.
\nBy utilizing separate channels, such as SMS, email, or phone calls, to verify user identity, it becomes significantly more challenging for attackers to compromise both the primary channel and the out-of-band channel simultaneously.
\nAnother advantage of OOBA is its ability to detect and prevent various forms of attacks, including phishing, man-in-the-middle attacks, and account takeover attempts.
\nBy leveraging a secondary channel, users receive authentication codes or confirmations that are distinct from the primary communication channel. This separation reduces the risk of malicious interception and ensures the integrity of the authentication process.
\nFurthermore, OOBA enhances user experience by minimizing the need for complex and hard-to-remember passwords. With OOBA, users can rely on simpler passwords and receive secure, one-time authentication codes or prompts through a separate device or communication channel.
\nThis approach not only increases convenience for users but also mitigates the risk of password-related vulnerabilities, such as weak passwords or password reuse.
\nWhile Out-of-Band Authentication offers numerous benefits, it is not without its challenges and limitations. One primary challenge is the dependence on reliable communication channels.
\nSince OOBA relies on secondary channels, such as SMS or email, the availability and speed of these channels can affect the user experience. Delays in receiving authentication codes or messages can frustrate users and potentially hinder the authentication process.
\nAdditionally, OOBA can introduce complexities for users who may be less tech-savvy or have limited access to secondary devices or communication channels. This can be especially true for certain demographics, such as elderly users or individuals in remote areas with limited internet connectivity.
\nIn such cases, alternative authentication methods or additional support may be necessary.
\nAnother limitation is the potential vulnerability of the out-of-band channel itself. While using a separate communication channel provides an extra layer of security, it also introduces a new attack surface.
\nAttackers may exploit vulnerabilities in the secondary channel, such as intercepting SMS messages or compromising email accounts. Implementers of OOBA must ensure the security and integrity of both the primary and out-of-band channels to mitigate these risks effectively.
\nOut-of-Band Authentication is widely implemented across various industries and applications. One common example is the two-factor authentication (2FA) process used by many online platforms.
\nIn this scenario, after entering their username and password, users receive a one-time authentication code via SMS or email. By requiring users to provide this secondary code, the platform ensures an additional layer of verification and minimizes the risk of unauthorized access.
\nAnother example is the use of out-of-band channels for transaction verification in financial services. When users perform certain high-value transactions, they may receive a phone call to confirm the transaction details or receive a unique authorization code through a separate communication channel.
\nThis ensures that the user authorizes the transaction securely and protects against fraudulent activities.
\nOut-of-Band Authentication finds applications in a wide range of use cases where enhanced security and identity verification are crucial. One prominent use case is in online banking and financial services.
\nBy implementing OOBA, banks can protect customer accounts from unauthorized access and fraudulent transactions. Users may receive authentication codes or transaction confirmations via SMS or email, providing an additional layer of security for sensitive financial activities.
\nAnother use case is in e-commerce platforms and online marketplaces. OOBA can be employed during the checkout process to authenticate users and prevent fraudulent purchases.
\nBy requiring users to confirm their transactions through an out-of-band channel, such as SMS or email, the platform can verify the legitimacy of the purchase and protect against unauthorized credit card use or account takeover.
\nAdditionally, OOBA is valuable in remote access scenarios, such as virtual private networks (VPNs) or remote desktop services. Users connecting to corporate networks from outside the office may be required to provide authentication codes received through a separate communication channel, ensuring secure access and preventing unauthorized entry to sensitive systems.
\nTo ensure the effective implementation of Out-of-Band Authentication, several best practices should be followed. Firstly, organizations should carefully select and secure the out-of-band channel.
\nThis involves encrypting communication, monitoring for potential attacks or anomalies, and keeping software and systems up to date to prevent vulnerabilities.
\nFurthermore, it is crucial to provide clear instructions and guidance to users regarding the OOBA process. User education plays a vital role in ensuring smooth authentication and minimizing user confusion or frustration.
\nOrganizations should communicate the purpose of OOBA, explain the steps involved, and offer support channels for users who may encounter difficulties.
\nRegular monitoring and analysis of authentication logs can help detect and respond to suspicious activities promptly. Organizations should establish comprehensive logging mechanisms to capture authentication events, monitor for anomalies or potential breaches, and implement protocols for incident response.
\nLastly, organizations should consider implementing multi-factor authentication (MFA) in conjunction with OOBA. MFA combines multiple authentication factors, such as passwords, biometrics, and out-of-band codes, to provide an even higher level of security. By incorporating MFA, organizations can bolster their security posture and protect against various types of attacks.
\nAdding multiple authentication layers is now becoming the need of the hour, especially in the most unpredictable times when hackers find new ways to sneak into a business network.
\nWith out-of-band authentication, businesses can ensure robust security for their customers and their sensitive information, which is always at risk if multiple authentication factors aren’t incorporated.
\n1. What is the difference between in-bound and out-bound authentication?
\nIn-bound authentication verifies within the primary channel, while out-bound authentication uses a separate channel for verification.
\n2. Is out-of-band secure?
\nYes, out-of-band authentication is secure due to the added layer of protection using a separate communication channel.
\n3. Why do you need out-of-band authentication?
\nOut-of-band authentication enhances security and protects against attacks by leveraging a secondary channel for verification.
\n
Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.
\nWe’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.
\nThe goal? Having them spend less time searching and more time building.
\nLoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.
\nHere’s a closer look at what’s new and why it’s important:
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.
\nThe new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.
\nSo, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:
\nThis structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.
\nThe new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.
\nOur platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.
\nCheck out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.
\nDo not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!
\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},"pageContext":{"limit":6,"skip":240,"currentPage":41,"type":"///","numPages":164,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}