Monday 22 April 2019

How to properly store JWT in localStorage for a cross-functional app?

I have a quick question. I'm using JWT with passport's Google strategy for OAuth. I'm signing a token, sending it to the client and then when hitting another route, the token should be passed in as a header, i.e. Authorization: Bearer 1234lk2m41lk32m. I have a helper function that verifies the token:

    // Assumes the jsonwebtoken package, whose verify(token, secret, callback) matches the call below.
    const JWT = require('jsonwebtoken');

    const verifyToken = (req, res, next) => {
      // The header may be absent; guard before splitting so the request gets a 401 instead of a TypeError.
      const header = req.headers['authorization'] || '';
      const token = header.split(' ')[1];
      if (!token)
        return res.status(401).send({ auth: false, message: 'No token provided.' });

      JWT.verify(token, process.env.JWT_SECRET, (err, decoded) => {
        if (err) {
          // An invalid or expired token is a client authentication failure (401), not a server error (500).
          return res
            .status(401)
            .send({ auth: false, message: 'Failed to authenticate token.' });
        }
        // Set token to localstorage here?
        res.locals.JWT = token;
        next();
      });
    };

Since mobile will be using this app, I'm trying to set it to localStorage, is res.locals = token the right way to do this? Afterwards, I'm thinking of writing a function to get the current user from the id stored in the JWT and then figure out persistent logins.

Submitted April 22, 2019 at 06:22PM by marbles12
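
The check the helper in the post performs (read the Bearer token, verify it, reject the request otherwise), as an added example that is not part of the original post. It uses Node's built-in `crypto` for HS256 in place of the library call in the post; the names `signToken`, `bearerToken` and `authenticate` and the sample secret are assumptions made for illustration.

```javascript
// Added example: Bearer-header parsing and HS256 JWT verification with node:crypto.
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Sign a payload as an HS256 JWT (used here to build constructed sample tokens).
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Return the token from "Authorization: Bearer <token>", or null if absent or malformed.
function bearerToken(headers) {
  const value = headers['authorization'];
  if (typeof value !== 'string') return null;
  const [scheme, token, ...rest] = value.trim().split(/\s+/);
  if (rest.length || !token || scheme.toLowerCase() !== 'bearer') return null;
  return token;
}

// Verify signature, pinned algorithm and expiry. Returns { status, payload } or { status, message }.
function authenticate(headers, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const failed = { status: 401, message: 'Failed to authenticate token.' };
  const token = bearerToken(headers);
  if (!token) return { status: 401, message: 'No token provided.' };
  const parts = token.split('.');
  if (parts.length !== 3) return failed;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm instead of trusting whatever the token header claims.
    const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    if (header.alg !== 'HS256') return failed;
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison; timingSafeEqual requires equal lengths.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return failed;
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (typeof payload.exp === 'number' && payload.exp <= nowSec) return failed;
    return { status: 200, payload };
  } catch (err) {
    return failed; // Malformed base64url or JSON is treated as an authentication failure.
  }
}
```

In an Express middleware, the `payload` returned on success is what would be attached to `res.locals` for later handlers in the same request.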
