
Welcome to the course. You are taking a great step by enrolling in this course. Better skills create a better life. You are on your way to a better life. As you learn new skills, you are building a better life. I commend you for your efforts to improve your life. As you improve your life, you are improving the world, one person at a time. You are making the world better, and you are making your life better. This is a win-win for everybody. Great work! Also, this is your course. Use it in the way that is best for you. If you want to skip ahead, skip ahead. As your teacher, my job is to help you succeed. The content here is designed to help you succeed both with Visual Studio Code, and also as a student and in life.
You can find everything I use in the course and all of the course's resources here:
Course outline
THE COURSE OUTLINE IS ATTACHED TO THIS LECTURE AS A PDF
CODE
github - https://github.com/GoesToEleven/golang-arch
Setting up resources for our course:
github
ssh
adding a collaborator
adding workspaces to gitignore
adding tags for versioning
tag v0.0.0
Installing Go & Go Modules
tag v0.1.0
Housekeeping
add version to previous video
tag v0.2.0
tag v0.3.0
Launching a service
tag v0.4.0
Encode
server sends to client
tag v0.5.0
Decode
client sends to server and server decodes
https://curlbuilder.com/
tag v0.6.0
Hands-on exercise #1
Create a server. Use Encode to send a slice of values of type person to the client as JSON. Use CURL to make a request to the server. https://curlbuilder.com/
tag v0.7.0
Hands-on exercise #2
On the server, decode this JSON into the appropriate data structure:
[{"First":"Jenny"},{"First":"James"}]
https://curlbuilder.com/
tag v0.8.0
Difference between authentication and authorization
Authentication
Determines who you are
Verifies that no-one is impersonating you
three ways to authenticate
who you are (biometrics)
what you have (eg, atm card; key; phone)
what you know (username; password, ….)
two-factor authentication
Authorization
What permissions you have on a system
Says what you are allowed to do
The name of the http header used for authentication
https://www.cyberciti.biz/faq/authentication-vs-authorization/
Http Basic Authentication
Basic authentication is part of the HTTP specification
send username / password with every request
uses authorization header & keyword “basic”
put “username:password” together
converts them to base64
puts generic binary data into printable form
base64 is reversible
never use with http; only https
use basic authentication to login
tag v0.9.0
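Added example (not taken from the course repository): the Basic authentication steps above in Go, using only the standard library. The credential pair is the sample from RFC 7617; protect and statusFor are hypothetical helper names.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// basicHeader builds "Basic " + base64("username:password"); decodeBasic reverses it with no key.
func basicHeader(user, pass string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

func decodeBasic(header string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	return string(raw), err
}

// protect returns a handler that checks the credentials sent with every request.
func protect(wantUser, wantPass string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth() // parses the Authorization header
		userOK := subtle.ConstantTimeCompare([]byte(user), []byte(wantUser)) == 1
		passOK := subtle.ConstantTimeCompare([]byte(pass), []byte(wantPass)) == 1
		if !ok || !userOK || !passOK {
			w.Header().Set("WWW-Authenticate", `Basic realm="example"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		fmt.Fprintln(w, "hello", user)
	})
}

func statusFor(h http.Handler, authHeader string) int { // one in-memory request
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h, hdr := protect("Aladdin", "open sesame"), basicHeader("Aladdin", "open sesame")
	plain, _ := decodeBasic(hdr) // anyone who sees the header can do this
	fmt.Println(hdr, "->", plain, statusFor(h, hdr), statusFor(h, ""))
}
```

Because decodeBasic needs no secret, the header is as sensitive as the password itself, which is why the notes say HTTPS only.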
Exploring authentication and state
every request?
is this secure?
Storing passwords
never store passwords
instead, store one-way “hash” values of the password
for added security
hash on the client
hash THAT again on the server
hashing algorithms
bcrypt - current choice
https://godoc.org/golang.org/x/crypto/bcrypt
scrypt - new choice
Hashing passwords
bcrypt
tag: v0.10.0
Bearer Tokens & Hmac
bearer tokens
added to http spec with OAUTH2
uses authorization header & keyword “bearer”
to prevent faked bearer tokens, use cryptographic “signing”
cryptographic signing is a way to prove that the value was created/validated by a certain person
HMAC
https://godoc.org/crypto/hmac
HMAC in action
HMAC is a cryptographic signing function
tag v0.11.0
Discussing HMAC
Discussing HMAC II
https://play.golang.org/p/HarO409e8tu
https://play.golang.org/p/G1Z7UelAuA6
https://play.golang.org/p/m76hqC55G-q
https://play.golang.org/p/sPZLQQC6YCF
other
https://play.golang.org/p/G1Z7UelAuA6
https://play.golang.org/p/lImDdhk0Xax
https://play.golang.org/p/m76hqC55G-q
https://github.com/GoesToEleven/SummerBootCamp/blob/a40ab4ac3f7a497d49e73f336ccae6dc29107a5b/05_golang/02/03/11_sessions/11_03_caleb_sessions_HMAC/main.go
JWT explained
JSON Web Token
{JWT standard fields}.{Your fields}.Signature
JWT documentation & claims
Analyzing a package to see if it’s go module compatible
go list -m -versions github.com/dgrijalva/jwt-go
https://github.com/dgrijalva/jwt-go
tag v0.12.0
Creating JWT
tag v0.13.0
Validating JWT
tag v0.14.0
Overview of concepts
Rotating Keys
tag v0.15.0
Discussion
cryptography
large field
You don’t need to understand it fully to use it
Hashing
MD5 - don’t use
SHA
Bcrypt
Scrypt
Signing
Symmetric Key
HMAC
same key to sign (encrypt) / verify (decrypt)
Asymmetric Key
RSA
ECDSA - better than RSA; faster; smaller keys
private key to sign (encrypt) / public key to verify (decrypt)
JWT
NOT DISCUSSED IN VIDEO
Encryption
Symmetric key
AES
Asymmetric Key
RSA
Base64 - not encryption
tag: v0.17.0
Encrypting an email
symmetric key - encrypt the message
AES
compare sent / received
SHA
tags: v0.16.0 & v0.18.0
Reviewing encrypted email
tag: v0.19.0
Review and overview
SHA256 a file
tag v0.20.0
HMAC values in a cookie intro
https://play.golang.org/p/U1IMaqURYe_7
Examine example code
HMAC values in a cookie - 1
setting up a server and the html
tag: v0.21.0
VS code liveshare
Extension: Live Share by Microsoft
HMAC values in a cookie - 2
Creating and viewing the hmac cookie
tag: v0.22.0
HMAC values in a cookie - 3
using HMAC to ensure a cookie has not been tampered with
tag: v0.23.0
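Added example (not the course's code or its playground links): signing a cookie value with HMAC-SHA256 and rejecting it once it has been edited, which is the signing idea from "Bearer Tokens & Hmac" applied to the cookie lectures above. The key, the "value|signature" layout and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var errTampered = errors.New("cookie malformed or failed HMAC check")

// sign returns the HMAC-SHA256 of value under the server-side key.
func sign(key []byte, value string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(value))
	return mac.Sum(nil)
}

// makeCookieValue returns "value|signature", the string to store in http.Cookie.Value.
func makeCookieValue(key []byte, value string) string {
	return value + "|" + base64.RawURLEncoding.EncodeToString(sign(key, value))
}

// parseCookieValue returns the value only if the signature matches it.
func parseCookieValue(key []byte, cookie string) (string, error) {
	i := strings.LastIndex(cookie, "|")
	if i < 0 {
		return "", errTampered
	}
	got, err := base64.RawURLEncoding.DecodeString(cookie[i+1:])
	if err != nil || !hmac.Equal(got, sign(key, cookie[:i])) { // constant-time compare
		return "", errTampered
	}
	return cookie[:i], nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed; a real key is random and stays on the server
	c := makeCookieValue(key, "jenny@example.com")
	v, err := parseCookieValue(key, c)
	fmt.Println(c, v, err)
	_, err = parseCookieValue(key, "james"+c[len("jenny"):]) // value edited, old signature kept
	fmt.Println(err)
}
```

The value itself is still readable by the client; the HMAC only proves the server issued it unchanged.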
Security high-level
https://research.swtch.com/deps
JWT overview of docs
Range: Why Generalists Triumph in a Specialized World Hardcover – May 28, 2019 by David Epstein
JWT in a cookie
tag: v0.24.0
JWT parsing Part 1
tag: v0.25.0
JWT parsing Part 2
tag: v0.25.0
Running
tag: v0.25.1
Google's Go Programming Language is one of the fastest growing, highest paying programming languages in the world.
There is a reason for Go's popularity: Go was created by geniuses and is the next step in the evolution of programming languages. Knowing how to use Go well increases your power and productivity as a programmer.
This course will give you the skills you need to advance your Go Programming Language skills. This course is very practical and applicable. It focuses on teaching you skills you can use. In this course you will build your skills with web authentication, encryption, JWT, and OAuth.
Presented with high-quality video lectures, this course will visually show you many great things about Google's Go (golang) Programming Language. Co-taught by a tenured professor and a Professional Developer, this is just some of what you will learn in this course:
Learn to succeed as a student
Launch a service that uses JSON encoding and decoding.
Master the fundamentals of authentication.
Acquire the skills necessary for secure password storage.
Build your understanding of hash-based message authentication code (HMAC).
Gain insight into JSON Web Tokens (JWT).
Explore the practical application of encryption.
Learn to establish authentication with HMAC.
Learn to establish authentication with JWT.
Master the fundamentals of open authentication (OAuth) including OAuth2.
Learn to establish authentication with OAuth2.
Reinforce your abilities with hands-on exercises.
This is an amazing course! This course will change your life. Being skilled at using the Go Programming Language will serve you and your career well. This course will increase your proficiency and productivity as a programmer. You are going to love this course and it will forever change your life.
Your satisfaction is guaranteed with this course.
Join me and enroll now!
--
The art used in the course image was designed by Renee French. License: Creative Commons 3.0 Attributions license