Wednesday 21 February 2018

Need help with authentication for a Koa app.

I am learning webdev with Koa and currently trying to complete a project on my own. For authentication, what I do now is, whenever a user signs up or logs in, I take the unique user id from the db, encode it in base64 and then sign it as jwt and send it back as a JSON response. This is done by a set of auth routes. After these auth routes, I have an authorization middleware that checks whether the Request headers have the 'Authorization' field and if it does, it verifies the jwt and checks whether the id is present in the db. If it is, it stores the user details in the ctx.state or else it throws an error. Does this sound like a good strategy? Am I doing something wrong? Any place to improve?

Submitted February 21, 2018 at 02:40PM by sioa
