My app is not going to have more than one user.
Idea: when the app first loads, if it's the first time ever, it will create a token and send it to the client (JWT?). It sets initialized to true in its config file.
Then the client will use that token. No other client can connect.
If the client loses the token, nothing can be done except setting initialized back to false in the app config file.
Any other strategy you'd use?
Top comments (3)
My way would be to leave the authentication to professionals and use an OAuth system like Google; in the config I would write my email, so only with a valid token from Google for that email would you gain access.
It sounds safer to put a token in the config yourself. If you remove the generation method from the code it would be safer, because an intruder cannot "reset" it and gain control.
If you use a cloud provider, it would be easier to use a private key generated from their IAM service.
Back in the day we would use the Apache auth plugin with a user and password; maybe that is still a valid method.
Another note: block IP ranges as well, for more security.
PS: a month or so ago a similar question was posted on dev.to but I cannot find it; it was for an admin user, but he had the same problem.
You can follow, for example, this tutorial:
medium.com/@patrykcieszkowski/jwt-...
Then, in the verifyJWTToken function, you can check your settings or config file for a global counter set in your app.
I hope I understood your situation well and helped.
Auth0