Prompts matching the #authentication tag
Architect a secure User Management system. Use NextAuth.js for authentication (Google & GitHub providers) and Prisma with MongoDB for the database. Components needed: 1. 'Protected Route' wrapper using middleware. 2. Settings page to update profile (name, avatar, email). 3. Admin dashboard table listing all users with CRUD actions (Delete/Update Role). 4. Use Zod for form schema validation on the client and server.
Deploy and manage API gateways with rate limiting, authentication, and security controls for microservices architecture. API Gateway features: 1. Request routing: path-based routing, host headers, query parameters, weighted routing for A/B testing. 2. Protocol translation: REST to GraphQL, HTTP to gRPC, WebSocket support. 3. Response transformation: data format conversion, header modification, CORS handling. 4. Caching: response caching (5-minute TTL), cache invalidation, edge caching integration. Rate limiting strategies: 1. Throttling levels: per-API key (1000 req/min), per-IP (100 req/min), global limits. 2. Rate limiting algorithms: token bucket, sliding window, fixed window approaches. 3. Burst handling: temporary burst allowance, graceful degradation during spikes. Authentication methods: 1. API key management: key rotation, expiration policies, usage analytics. 2. OAuth 2.0/JWT: token validation, scope-based authorization, refresh token handling. 3. mTLS: certificate-based authentication, client certificate validation. Security controls: 1. Input validation: request size limits (10MB), content type validation, schema enforcement. 2. WAF integration: SQL injection prevention, XSS protection, bot detection. 3. DDoS protection: rate limiting, IP blocking, geographic restrictions. Monitoring and analytics: 1. Request metrics: latency percentiles (P50, P95, P99), error rates, throughput tracking. 2. API usage: top consumers, endpoint popularity, quota utilization. Load balancing: upstream health checks, circuit breaker pattern, retry mechanisms with exponential backoff.
Implement JWT auth securely. Flow: 1. User login with credentials. 2. Server validates and creates JWT. 3. Client stores JWT (httpOnly cookie or memory). 4. Include JWT in Authorization header. 5. Server verifies signature and claims. 6. Refresh tokens for long sessions. 7. Token expiration and renewal. 8. Logout (blacklist or short expiry). Use RS256 for production. Don't store in localStorage. Implement CSRF protection.
Explain the structure of a JSON Web Token (JWT). What are the three parts (Header, Payload, Signature)? What information is typically stored in the payload? How is the signature used to verify the token's authenticity? Provide an example of a decoded JWT payload.
Integrate social login with OAuth 2.0. Flow: 1. Redirect to provider (Google, Facebook, GitHub). 2. User authorizes application. 3. Provider redirects with authorization code. 4. Exchange code for access token. 5. Fetch user profile. 6. Create or update user in database. 7. Issue JWT to client. 8. Handle errors and edge cases. Use libraries like passport.js. Implement the state parameter for CSRF protection. Store tokens securely.
Create a secure password reset process. Workflow: 1. Verify customer identity (email, phone, security questions). 2. Explain the reset process clearly. 3. Send a secure reset link with expiration. 4. Provide alternative methods if email is inaccessible. 5. Guide the user through creating a strong password. 6. Confirm successful reset. 7. Suggest enabling 2FA. 8. Provide security best practices. Balance security with user-friendliness.