Wednesday, 4 December 2019

Passport authentication strategies for Express + React apps — local User model, external OAuth 2.0 providers

I'm relatively new to the node.js ecosystem, and I'm having a hard time wrapping my mind around the best auth strategies for an express + react app.

The most recent application I wrote was a Rails 6 API + React SPA, and I took a simple, sessionless, custom JWT bearer-token approach for the API, then in my SPA I hit those endpoints, and when authenticated stored this info in local storage + redux for the front end routing authentication.

In my new project, I've got an express server set up with Sequelize (Postgres) set up for my models. I have a User model that "has many" other models, and I would love to offload the actual auth logic to an external OAuth 2.0 provider such as Azure AD or Auth0, incorporate this with my front end, while maintaining an associated User model in my database. The front end is a React SPA that will feed off the express endpoints.

I've been digging through tutorials and most seem to suggest some session based approach (which I'm not sure is best here?), and I'm having a hard time figuring out the best way to associate this type of API+SPA auth logic with my local User model that lives on my backend.

Does anyone have any suggestions on direction here? Or perhaps a high-level kind of way I should be thinking about this?

Submitted December 05, 2019 at 06:54AM by cwncool
