Exploring the Routine of a Backend Developer
Brief Introduction
I am Abdulrafiu Kehinde Lawal, a backend developer. I have been coding for close to a decade and contributing to everyday software applications for about five (5) years.
Being a backend developer is a rewarding and challenging profession. The skillset required of a backend developer is diverse and cuts across multiple subject areas.
Who Is a Backend developer?
There are different definitions of the term which are inarguably correct, but from a recent Coursera article I came across, this is what they had to say, and it very much aligns with my practical opinion:
Back-end developers are the experts who build and maintain the mechanisms that process data and perform actions on websites. Unlike front-end developers, who control everything you can see on a website, back-end developers are involved in data storage, security, and other server-side functions that you cannot see.
Whew! I hope that wasn't too cryptic to interpret. Putting it simply, backend developers work on aspects that you may not physically see on the websites or software you use, but you can experience them. For instance, you go on an e-commerce store, create an account for yourself and put some items in your cart. At the end you get the total amount; that right there is you feeling the work of a backend developer, because the cost of each item was collected from a database where it was stored, which from the definition above is the jurisdiction of a backend dev. This, among other things that maintain a record of the state of your activities on a website, such as ensuring your data is always available and accessible to you and no one else, are glimpses of the prowess of backend developers.
A Difficult task encountered as a backend developer
As a developer you will always come across tasks that will require you to research and widen your skillset. This is the rewarding part: being a developer helps you maintain your desire to learn and stay abreast of new developments in the tech and innovation world.
To share a personal experience, I am going to rewind back to when I was just starting out as a developer and I needed to work on user authentication. That is sort of like a process to identify users that request access to a system, network or device. Just to mention, there are various methods of performing user authentication in systems. At that time, being a beginner, I was only skilled at the password authentication method, which is the most commonly used, especially in not-so-critical systems. But this very task at the time required me to use a different authentication method known as token authentication.
Jeez, this was daunting as I had barely heard about it and never dug into it. I started off with "asking Google" as usual, then friends, all while gathering different ideas and insights because, as a constant learner in tech, you need to have options to know which resource best suits your requirement and learning style, which speaks your language and all that. I finally settled for a couple of online articles, some recommended by colleagues while others I stumbled upon in my search. After nights of studying these articles, I was able to learn and come up with the step-by-step of performing token-based user authentication. I will try to take you through how I solved it while being language agnostic.
Step-by-step user authentication
Choosing a Token Standard: The first step is to decide on a token standard. Two are commonly used: JSON Web Tokens (JWT) and OAuth tokens. I chose the first option since the latter involved third-party platform integration.
Token creation: This step involves collecting the user credentials, e.g. username/email and password, and checking with the server whether any such record exists. Upon confirmation, the JWT is generated, which normally consists of three parts: Header, Payload and Signature. The JWT is generated with the help of the jwt library or package. An example of such code in the Python programming language can look as shown below, depending on programming style:
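    import datetime

    import jwt  # PyJWT

    def create_token(user_id, secret):
        # Claims: who the token is for and when it stops being valid.
        payload = {
            'user_id': user_id,
            # Timezone-aware "now"; datetime.utcnow() is deprecated since Python 3.12.
            'exp': datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(hours=1)
        }
        # Sign the header and payload with the shared secret (HMAC-SHA256).
        token = jwt.encode(payload, secret, algorithm='HS256')
        return token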
The code above shows a function create_token which receives two arguments user_id and secret.
Send Token to Client: The generated token is sent to the client, also called the frontend, and is stored in local storage, session storage or a cookie. You might need to read up on these terms to know what they stand for since I am not going into that in detail. This token is typically sent from the server in a response body or an HTTP header (e.g., Authorization: Bearer <token>). I chose to send it in the response body.
Having done all the steps above, only the first part has been done. The second part which I had to deal with was to put in place a token verification process. On subsequent requests from the client, the token is attached in the request Authorization header:
    GET /protected-resource HTTP/1.1
    Host: example.com
    Authorization: Bearer <token>
- Extract Token: The first step in the verification process was to extract the token from the Authorization header. After extraction, I decoded the token and verified the signature using the correct secret_key specified during the token generation process described earlier. I also checked whether the token had expired. The code can look as shown below for a Python script:
    import jwt  # PyJWT

    def verify_token(token, secret):
        try:
            # Checks the signature and the 'exp' claim; only HS256 is accepted.
            payload = jwt.decode(token, secret, algorithms=['HS256'])
            return payload
        except jwt.ExpiredSignatureError:
            return None  # Token has expired
        except jwt.InvalidTokenError:
            return None  # Invalid token
- Grant or Deny Access: This is the stage where I either grant access to the request or respond with the relevant error message. I grant access to the user request if and only if the token is valid; otherwise I deny access and respond with the appropriate error message, whether the token is wrong or expired.
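The block below is an added example, not the author's code. It carries the steps above end to end using only the Python standard library instead of the jwt package, so the Header, Payload and Signature parts are visible, and it goes slightly beyond the text by rejecting tokens that declare a different algorithm. The names b64url, sign and authorize, and the 200/401 status codes, are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    # JWT uses URL-safe base64 with the "=" padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: bytes) -> str:
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def create_token(user_id, secret: bytes, ttl=3600, now=None) -> str:
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"user_id": user_id, "exp": now + ttl}).encode())
    # The signature covers "header.payload", so neither part can be edited.
    return f"{header}.{payload}.{sign(header + '.' + payload, secret)}"

def authorize(headers: dict, secret: bytes, now=None):
    """Hypothetical request guard: returns (HTTP status, response body)."""
    now = int(time.time()) if now is None else now
    # Extract: expect exactly "Bearer <header>.<payload>.<signature>".
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return 401, {"error": "missing or malformed token"}
    header_b64, payload_b64, signature = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        expected = sign(header_b64 + "." + payload_b64, secret)
        # Pin the algorithm (rejects "alg": "none") and compare in constant
        # time before trusting anything inside the payload.
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, signature):
            return 401, {"error": "invalid token"}
        payload = json.loads(b64url_decode(payload_b64))
        exp = payload.get("exp")
    except (ValueError, TypeError, AttributeError):
        return 401, {"error": "invalid token"}
    if not isinstance(exp, int) or exp <= now:
        return 401, {"error": "token expired"}
    # Grant: the caller can now trust the identity carried in the token.
    return 200, {"user_id": payload.get("user_id")}
```

The payload is only base64-encoded, not encrypted, so anything placed in it is readable by whoever holds the token.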
Whoa! And that is it. You can also follow these same steps whenever you need to implement an authentication system and save yourself the stress I went through. And I must say that this is the good thing about being a developer: there are so many willing colleagues out there who are always ready to put their hard-earned knowledge in the public domain to ease all our day-to-day tasks. They are the real superheroes. I will suggest that you give a shout-out to the maintainers of your favorite open source package. Until next time, ciao.
Finally, as a continuous learner and someone who always finds the opportunity to network and meet new people in the developer community, I am currently enrolled in HNG11 Internships. This is an opportunity for me to showcase my skill as a developer and take advantage of the platform for new job opportunities and collaborations.
You can check out the HNG premium platform to join a large community of techies, and who knows what you can find in there aside from myself.
Written by
Abdulrafiu Kehinde Lawal
I am a web developer specializing in backend technologies. I have over 3 years' experience writing Node.js backend solutions of varying scale and purposes. Learning new technologies and expanding my skill set is my goal.