🔑

Authentication System

The foundation of every website and app. Covers registration, login, JWT tokens and password hashing.

Register System Flow

👤 User (fill form) → 🌐 Frontend (validate) → ⚙️ API Server (check duplicate) → 🔐 Hash password (bcrypt/Argon2) → 🗄️ Database (save user) → 📧 Email (verify link) → ✅ Registration complete → Redirect to login

📋 Step-by-Step Flow

1. 👤 User: fill in name, email and password on the registration form.
2. 🌐 Frontend: validate the form (email format, password strength, required fields). This is for usability only; the API Server must repeat every check, because anything the browser does can be bypassed.
3. 📤 Frontend: send POST /api/register with the data to the API Server (over HTTPS).
4. ⚙️ API Server: check whether the email already exists in the database. Return the same response either way so the endpoint does not reveal which addresses are registered, and keep a UNIQUE constraint on the email column so two concurrent requests cannot both pass this check.
5. 🔐 API Server: hash the password with bcrypt (cost / salt rounds 10+) or Argon2id; never store or log the plaintext.
6. 🗄️ Database: save the new user record (id, name, email, hashed_password) with the account marked as not yet verified.
7. 📧 Email Svc: send a verification email containing a unique, random, single-use link.
8. 👤 User: click the verify link → account activated → redirect to login.
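The server side of steps 2 to 8 as one runnable example. This is added code, not code from the page or from any product it advertises. It uses hashlib.scrypt because that ships with Python (the page's bcrypt/Argon2 need third-party packages; the structure is identical), an in-memory SQLite table whose UNIQUE constraint is the authoritative duplicate check, and a SHA-256 hash of the verification token in the database so a leaked table does not contain working links. The scrypt parameters, the 12-character minimum and the response wording are assumptions.

```python
import hashlib
import hmac
import re
import secrets
import sqlite3

# hashlib.scrypt stands in for bcrypt/Argon2 (which need extra packages).
# Assumed parameters: N=2^14, r=8, p=1 (about 16 MiB of memory per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MIN_PASSWORD_LEN = 12  # assumed policy
# One message for new and duplicate addresses: no account enumeration.
ACCEPTED = {"status": 202, "message": "If the address is new, a verification link has been sent"}


def hash_password(password: str, salt: bytes = None) -> str:
    """Return 'scrypt$<salt hex>$<hash hex>' using a fresh 16-byte salt per user."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, salt_hex, _ = stored.split("$")
    return hmac.compare_digest(hash_password(password, bytes.fromhex(salt_hex)), stored)


# Hash of a random string so a login for an unknown email costs the same time.
DUMMY_HASH = hash_password(secrets.token_urlsafe(16))


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute(
        """CREATE TABLE users (
             id INTEGER PRIMARY KEY,
             name TEXT NOT NULL,
             email TEXT NOT NULL UNIQUE,          -- authoritative duplicate check
             hashed_password TEXT NOT NULL,
             verified INTEGER NOT NULL DEFAULT 0,
             verify_token_hash TEXT)"""
    )
    return db


def register(db, name: str, email: str, password: str):
    """Steps 2-7 on the server. Returns (response, verify_token); verify_token is
    what the email service would put in the link, or None when nothing should be
    sent (validation failure or duplicate email)."""
    email = email.strip().lower()
    if not name.strip() or not EMAIL_RE.match(email):
        return {"status": 400, "error": "invalid name or email"}, None
    if len(password) < MIN_PASSWORD_LEN:
        return {"status": 400, "error": f"password must be at least {MIN_PASSWORD_LEN} characters"}, None
    token = secrets.token_urlsafe(32)
    token_hash = hashlib.sha256(token.encode()).hexdigest()  # store only the hash
    try:
        db.execute(
            "INSERT INTO users (name, email, hashed_password, verify_token_hash) VALUES (?, ?, ?, ?)",
            (name.strip(), email, hash_password(password), token_hash),
        )
        db.commit()
    except sqlite3.IntegrityError:
        # UNIQUE constraint fired: duplicate email. Same response, no link sent.
        return dict(ACCEPTED), None
    return dict(ACCEPTED), token


def verify_email(db, token: str) -> bool:
    """Step 8: activate the account for a valid, unused token (single use)."""
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    cur = db.execute(
        "UPDATE users SET verified = 1, verify_token_hash = NULL "
        "WHERE verify_token_hash = ? AND verified = 0",
        (token_hash,),
    )
    db.commit()
    return cur.rowcount == 1


def login(db, email: str, password: str) -> bool:
    """Password check that runs scrypt whether or not the email exists."""
    row = db.execute(
        "SELECT hashed_password, verified FROM users WHERE email = ?", (email.strip().lower(),)
    ).fetchone()
    ok = verify_password(password, row[0] if row else DUMMY_HASH)
    return bool(row) and ok and row[1] == 1
```

Note that register() still hashes the password before the INSERT, so a duplicate attempt costs the attacker the same time as a real one, and login() hashes against a dummy value for unknown emails for the same reason.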

🧠 Key Concepts

🎫

JWT Token

JSON Web Token: a compact, signed string the server can verify without a database lookup. It has three base64url-encoded parts, Header.Payload.Signature. The payload is only encoded, not encrypted: anyone holding the token can read it, so it must never carry secrets. The signature is what prevents tampering, and the verifier must pin the expected algorithm (never trust the "alg" field in the token) and check the exp claim.
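A minimal HS256 issuer and verifier, added here as an example (it is not the page's code and not a library; a real service would use a maintained JWT library). It uses only the standard library and shows the three checks that matter: the algorithm is pinned to HS256, the signature is compared in constant time, and exp is enforced. The key, claims and timestamps are made up for the example; swap_payload() and alg_none() build the two classic forged tokens so the verifier can be seen rejecting them.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes, now: int, ttl_seconds: int = 15 * 60) -> str:
    """Issue an HS256 token. The payload is readable by anyone: it is only encoded."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {**claims, "iat": now, "exp": now + ttl_seconds}
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


class InvalidToken(Exception):
    pass


def verify_jwt(token: str, key: bytes, now: int) -> dict:
    """Return the claims or raise InvalidToken. Order: shape, pinned algorithm,
    constant-time signature check, then expiry."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        signature = b64url_decode(s_b64)
    except (ValueError, json.JSONDecodeError) as exc:
        raise InvalidToken("malformed token") from exc
    # Never let the token choose the algorithm: "none" or an RSA/HMAC mix-up
    # would otherwise let a forged token through.
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise InvalidToken("expired")
    return claims


def is_valid(token: str, key: bytes, now: int) -> bool:
    try:
        verify_jwt(token, key, now)
        return True
    except InvalidToken:
        return False


def peek_payload(token: str) -> dict:
    """Decode the payload with NO verification: what any token holder can read."""
    return json.loads(b64url_decode(token.split(".")[1]))


def swap_payload(token: str, new_claims: dict) -> str:
    """Tampering attempt: keep header and signature, replace the payload."""
    h_b64, _, s_b64 = token.split(".")
    return f"{h_b64}.{b64url(json.dumps(new_claims).encode())}.{s_b64}"


def alg_none(token: str) -> str:
    """The alg=none attack: header switched to 'none', signature dropped."""
    _, p_b64, _ = token.split(".")
    return f"{b64url(json.dumps({'alg': 'none', 'typ': 'JWT'}).encode())}.{p_b64}."
```

peek_payload() is the point of the corrected concept above: it never touches the key, and it still returns every claim.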

🔐

bcrypt Hashing

Slow, salted, one-way password hashing. If the database leaks, the attacker gets hashes, not passwords, and has to brute-force each one at the cost factor you chose; weak passwords still fall, so the cost matters. Use salt rounds ≥ 10 and raise the value as hardware gets faster. bcrypt only looks at the first 72 bytes of the password; Argon2id is the modern alternative without that limit.

🔄

Refresh Token

A long-lived token used to obtain a new Access Token without the user logging in again. Kept out of reach of page scripts (HttpOnly, Secure cookie), stored server-side only as a hash so it can be revoked, and rotated on every use so a stolen copy is detected when it is replayed. Access Token expires in 15 min, Refresh Token in 30 days.
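Refresh-token rotation with reuse detection, added as an example (not code from the page). Tokens are random strings kept server-side only as SHA-256 hashes; each login starts a "family", every refresh retires the presented token and issues a new one in the same family, and a token presented twice revokes the whole family because the second presenter is either a replaying client or a thief. The 15-minute and 30-day lifetimes are the page's; the family naming, the in-memory store and the access-token dict (standing in for a signed JWT) are assumptions.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 15 * 60            # page's figure: 15 minutes
REFRESH_TTL = 30 * 24 * 3600    # page's figure: 30 days


class RefreshTokenStore:
    """Server-side refresh-token records, keyed by hash so a DB leak yields no
    usable tokens. A family is one login session; rotation issues a successor
    and marks the old token used; reuse of a used token kills the family."""

    def __init__(self):
        self._by_hash = {}  # sha256(token) -> {user, family, expires, used}

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, family: str = None, now: float = None) -> str:
        """Mint a refresh token (on login, or as the successor during rotation)."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        family = family or secrets.token_hex(8)
        self._by_hash[self._hash(token)] = {
            "user": user_id, "family": family, "expires": now + REFRESH_TTL, "used": False,
        }
        return token

    def rotate(self, token: str, now: float = None):
        """Exchange a refresh token for (access_claims, new_refresh_token),
        or None if the token is unknown, expired, or already used."""
        now = time.time() if now is None else now
        rec = self._by_hash.get(self._hash(token))
        if rec is None or now >= rec["expires"]:
            return None
        if rec["used"]:
            # Reuse detected: someone holds a copy. Revoke every token in the family.
            self.revoke_family(rec["family"])
            return None
        rec["used"] = True
        new_refresh = self.issue(rec["user"], rec["family"], now)
        access_claims = {"sub": rec["user"], "iat": now, "exp": now + ACCESS_TTL}
        return access_claims, new_refresh

    def revoke_family(self, family: str) -> int:
        """Expire all tokens of one login session (logout or reuse detection)."""
        count = 0
        for rec in self._by_hash.values():
            if rec["family"] == family:
                rec["expires"] = 0
                count += 1
        return count


def refresh_cookie(token: str) -> str:
    """Set-Cookie value for the refresh token: HttpOnly (no script access), Secure,
    SameSite, and scoped to the refresh endpoint so it is not sent elsewhere."""
    return (f"refresh={token}; HttpOnly; Secure; SameSite=Strict; "
            f"Path=/api/refresh; Max-Age={REFRESH_TTL}")
```

The Path attribute is an assumption about the endpoint name; the important part is that the cookie never travels with ordinary page requests and is invisible to JavaScript.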

🌐

OAuth 2.0

Sign in with Google / Facebook / Apple. The user authenticates at the provider, which redirects back to your site with an authorization code; your server exchanges that code for tokens and validates the ID token's signature, issuer and audience before trusting the identity in it. You never see or store the user's password. Use the state parameter and PKCE so the redirect cannot be forged or the code intercepted.

📱

MFA / 2FA

Multi-Factor Authentication. After the password, the user proves a second factor: a time-based OTP from an authenticator app (Google Authenticator and similar), a hardware security key, or an SMS code. SMS is the weakest option (SIM swapping, interception); prefer an authenticator app or FIDO2 key. Greatly reduces account hijacking from leaked or reused passwords.

⚖️

Session vs Token

A session keeps state on the server (DB/Redis) and gives the client only an opaque ID, so logout and revocation take effect immediately. A token (JWT) is stateless: the server trusts the signature and cannot invalidate one token before it expires unless it also keeps a denylist, which is why access tokens are kept short-lived. APIs and mobile apps usually use tokens; traditional server-rendered web apps use sessions.

Need a secure authentication system? 🔑

We build secure Login systems with JWT, OAuth, and 2FA.
