I noticed the security loophole in the current authentication flow after my summer internship: my email had already been deleted, but I still had access to the company's MongoDB database just by typing the email and password correctly. The problem is not specific to one company: organizations lack an efficient and secure way to allocate resources to their employees. We built Deck to solve that problem. By leveraging JWT-based sharing, administrators can oversee, grant, and revoke employees' access to a company's resources. We also empower employers by letting them see which employees belong to which team and which services each of them can access. On the normal users' side, they can use Deck to log in to any website without having to memorize a different password for each one.
What it does
Deck is a platform for admins and managers to control access to a company's data and resources. This is where the theme of the sprint comes into action. A company's data and resources are assets to it, and any employee who can still access that data after leaving the company may cause a data breach on the company's end. Deck solves this problem. An admin logged in to Deck can see who has access to which resource, viewed either by employee list or by resource/service list, and can disable or enable a user's access to that resource with a simple toggle switch. Apart from this, Deck is an authentication system like "Google sign in / sign up": someone on a third-party platform can authenticate with Deck (provided the platform has Deck authentication integrated) and get access to their account if the admin has authorised it.
How we built it
- We used Node.js to build the backend, React for the frontend and for integrating the backend with other platforms, and MongoDB as the database.
- We used the GitHub Project Board for management and Notion for curating all the data, like flowcharts, designs, to-do lists and resources.
- You can see more about our workflow and resources in our Notion document.
Challenges we ran into
- Initially we were not sure if we could go forward with this idea, because we weren't able to figure out how we would demonstrate authentication from third-party platforms (e.g. Figma, MongoDB, etc.). They say better late than never, and we are glad that we came up with the innovative approach of using our previous sprint projects as third-party services to demonstrate the OAuth service integration.
- We started late compared to the other teams, which meant we had to work faster to ship on time.
- We divided the work into categories: backend, frontend and integration with different services. Integrating all these individual parts into a whole had its fair share of challenges.
- Being in three different time zones was a bit of a problem for us in the beginning when we needed code collaboration sessions to work through errors. We overcame that by improving our project management on GitHub.
Accomplishments that we're proud of
- We integrated Deck with other platforms successfully with the OAuth service that we built from scratch.
- Our logo.
- The architecture of multiple components that we've implemented.
- Our collaboration despite being in three different time zones.
What we learned
- Project management with the help of flowcharts and proper documentation.
- Implementation and integration of an OAuth service.
- To make Deck more secure we dug deep into the implementation of refresh tokens with cookies. And honestly, that was quite fun to dive into.
- We can speak for everyone on the team in saying that working on this project helped us brush up our Node.js skills, given that we implemented a lot of features that were new to us.
What's next for Deck
- Better UI.
- Teams feature.
- Making the website more secure with the use of refresh tokens, access tokens and cookies.
- Publishing an npm module for easy, no-fuss integration of Deck into other platforms.