Nodejs - Token authentication?

Asked

Viewed 451 times

3

I’m following a few examples here about authentication on and it’s working normal, but I’d like to know if passing the token through the URL would really be the right shape or if there’s any method that’s better.

node.js

  • Put the example you are following, please.

  • https://scotch.io/tutorials/authenticate-a-node-js-api-with-json-web-tokens - The example is from a book, but it is almost the same. I was only in doubt because he did not use a page as an example, it was all using a plugin to make the requests.

  • I wanted to give you an answer here too but I’m short on time. Passport.js is widely used and would be very appropriate here as well. If you have time together a reply with examples. I have spoken about it here http://answall.com/q/86609/129

2 answers

2


Yes, you can pass the token by the same URL.

Note that in the example, JWT is used, which is a standard for moving tokens and session data between client and server, reducing the server’s need to maintain session data.

Care should be taken only in any case to send sensitive information to the customer, especially in an unsecured connection, since the field payload of JWT can be recovered in full.

Another option, besides sending the token together with the URL, is to use a cookie or a specific field of the HTTP header, but in all cases, there are no security gains of one relative to the other.

  • Opa, amigo, how would I put this information in the http header?

  • @Liw.S. sorry I can’t help you with that. I only program PHP and Javascript (client-side). I don’t know Nodejs enough (besides having done something with Grunt and Gulp) to say how to do.

  • All right, I’ll ask you another question. Thank you for answering.

0

You can set the token in the url, the best thing to do to not fill the address field is to use in the request header, this part Voce will configure in front end, use the angular.io (angular 2)... frameworks front end always has something about Json Webtoken authentication.

For Angularjs I use the Satellizer: https://github.com/sahat/satellizer

Browser other questions tagged node.js

You are not signed in. Login or sign up in order to post.