First sorry for all the posts .I've been having some issues when it came to building my client side web app.So initially I created an API which talks to a postgresql database. Everything fine there.The issue came when I started to work on the client side web app.My login endpoint returns a JWT token if successful.On the client I used Axios to handle requests to my backend API, I have protected routes where it requires a JWT token which it verifies and then grants access to the endpoint.From what I've read, it's bad to save this JWT token on the client.Also I've read that JWT tokens aren't ideal for handling sessions on a website.So since I'm using Axios to handle POST,GET etc on the client and can't send back the JWT token as a header in future requests and I can't set the JWT as a cookie in my API login endpoint.I'm starting to think maybe have a server just for my API and maybe another server for running my website on. So then in the future i can then also have other clients interact with the API.What's the typical way people implement this?
Submitted May 30, 2020 at 04:26AM by prgrmmr7
No comments:
Post a Comment