Have an assignment to build account-password system without npm auth package.Whats the best approach
Kambala - depending on the definition of "db", could you consider vaultproject.io/? It's possible a little OTT for (what sounds like) a student assignment, but it's built to store passwords securely.
I'm not a node user so I'm going to be generic. Let's start with a "shopping list" of what you might need:
The registration flow is:
The login flow is:
This is the bare, bare, minimum.
Keep in mind that since there are no sessions in this scenario, the user will have to input their accounts everytime they decide to access the "protected" page.
thank you very much for getting me started.
Probably not directly helpful for what looks like a learning exercise in "things you shouldn't do unless you have to", but in the real world I would always look to delegate this part of an application to something sane like auth0.com, or AzureAD, or Facebook, Google, Twitter... much like your favourite dev website :)
More useful - all the stuff @rhymes
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.