Skip to content

Latest commit

 

History

History
49 lines (35 loc) · 2.35 KB

service-authentication.md

File metadata and controls

49 lines (35 loc) · 2.35 KB
Raw

Backend Challenge - Authentication Service

Introduction

The "Authentication Service" challenge is designed to build a REST API that handles user authentication, including registration, login, and password recovery.

Objectives

  • Set up a web server capable of handling API requests.
  • Implement endpoints for user registration, login, and password recovery.
  • Securely store user credentials (e.g., hashing passwords).
  • Generate JWT tokens for authenticated sessions.
  • Understand HTTP methods (POST for data submission) and status codes.

Instructions

  1. Objective: Develop a REST API for user authentication, including registration, login, and password recovery.

  2. Environment Setup: Choose your preferred programming language (e.g., JavaScript, Python, Java, C#) and set up the necessary environment.

  3. Implementation Details:

    • Define endpoints for:
      • User Registration (/register)
      • User Login (/login)
      • Password Recovery (/password-recovery)
    • Validate user input (e.g., email format, password strength).
    • Store user credentials securely (e.g., hashing passwords with bcrypt).
    • Generate and return JWT tokens for authenticated sessions.
    • Implement email functionality for password recovery.

  4. Testing: Test your API using an HTTP client (e.g., Postman, curl).

    • Send POST requests to the registration endpoint with user data.
    • Send POST requests to the login endpoint with user credentials.
    • Send POST requests to the password recovery endpoint with the user's email.
    • Verify that the responses are correct and status codes are appropriate (e.g., 200 OK, 400 Bad Request).

Possible Improvements

  • Email Verification: Add email verification during registration.
  • Rate Limiting: Implement rate limiting to prevent brute force attacks.
  • Logging and Monitoring: Add logging and monitoring for security and performance.
  • Third-Party Authentication: Integrate with third-party authentication providers (e.g., Google, Facebook).
  • Two-Factor Authentication: Implement two-factor authentication for added security.

Conclusion

By completing this challenge, you will gain practical experience in developing an Authentication Service and learn essential practices for backend development. Explore additional improvements and challenges to further enhance your skills.

Happy coding!