Comments (3)
I've been working on this for a while now. I've just written up 3 articles on token-based authentication and using it in Node (JWT based). I haven't implemented it with AngularJS yet, though. The articles will be out within the month, but feel free to take a look at the repo to see how a simple implementation is made:
https://github.com/scotch-io/node-token-authentication
When talking about authenticating with Facebook, I believe the best way to go about it is to authenticate from the client side and then have Angular send Node the token you get from Facebook to store. Since we want our applications to be single page, it would be simplest to have the frontend do the authentication through third-party services.
Or at least that's where my mind is after lots of research on the subject. I could be wrong.
from easy-node-authentication.
Hey, I have been working on this problem and this is what I came up with. I am basically just passing access_token when the user is logged in. The isAuthenticated() method deals with header authentication and with the access_token. Here is the code:
```javascript
var express = require('express');
var passport = require('passport');
var router = express.Router();
// `auth`, `config` and `scope` are defined elsewhere in the project (not shown here).

// when user is not connected with any strategy
router
  .get('/', passport.authenticate('github', {
    scope: scope,
    failureRedirect: '/signup',
    session: false
  }))
  .get('/callback', passport.authenticate('github', {
    failureRedirect: '/signup',
    session: false
  }), auth.setTokenCookie)
  // Connect method (when user is logged in)
  .get('/connect', auth.isAuthenticated(), function (req, res, next) {
    passport.authorize('github', {
      scope: scope,
      session: false,
      // carry the caller's access_token through the OAuth round trip (URL-encoded)
      callbackURL: config.github.callbackConnectUrl + '?access_token=' + encodeURIComponent(req.query.access_token)
    })(req, res, next);
  })
  // The callback after github has authorized the user
  .get('/connect/callback', auth.isAuthenticated(),
    passport.authorize('github', {
      failureRedirect: '/settings',
      session: false
    }), function (req, res) {
      res.redirect('/settings');
    });
```
Any feedback is appreciated. Feel free to close this.
from easy-node-authentication.
I like the implementation of the middleware. That's definitely the way to go to verify the token.
I am not 100% on the implementation of returning the token through the callback URL, but I'm sure it could work this way. Or another way, to give it the ability to be a fully single-page app on the frontend, you could return the token in JSON format.
I've seen this page plenty of times on the Passport site, so I think implementing token-based lies somewhere here: http://passportjs.org/guide/oauth2-api/
I am a little confused on their links to oauth2orize and to passport-http-bearer which is the implementation of the BearerStrategy (I believe middleware?)
Just something to look at if you want to experiment with the "official Passport" implementation. I think you are on the right track though!
from easy-node-authentication.
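The two ideas raised in the comments above (a middleware that verifies the token, and returning the token as JSON instead of through a callback URL), as an added example that is not code from the thread or from the easy-node-authentication repo. `signToken`, `verifyToken`, `requireBearer`, `sendToken` and the secret are hypothetical names, and HS256 via Node's built-in `crypto` is an assumption standing in for whatever JWT library a project uses.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in real use

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue a signed token carrying only the user id and an expiry (in seconds).
function signToken(userId, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${header}.${payload}.${b64url(mac(`${header}.${payload}`))}`;
}

// Return the claims if signature and expiry check out, otherwise null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (header.alg !== 'HS256') return null;
    return claims.exp > Math.floor(now / 1000) ? claims : null;
  } catch (e) { return null; }
}

// Express-style middleware: accept the token from the Authorization header only,
// so it never ends up in URLs, access logs or Referer headers.
function requireBearer(req, res, next) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(req.headers.authorization || '');
  const claims = m && verifyToken(m[1]);
  if (!claims) return res.status(401).json({ error: 'invalid_token' });
  req.user = { id: claims.sub };
  next();
}

// Login/callback handler body: hand the token back as JSON, not in a redirect URL.
function sendToken(req, res) {
  res.json({ token: signToken(req.user.id, 3600) });
}
```

Both handlers take the usual `(req, res, next)` arguments, so they can be mounted on an Express router as-is.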