I'm working on adding google login to my web app. It's a RESTful app, so once a user is logged in, each individual request must be authenticated with a token.Currently, I create my own tokens using JWT. I can add useful information to the token object to help with state management and reduce calls to the db.My question is: once I add google as an authentication provider, do I then need send every request to Google to be authenticated, rather than authenticating it on my own server? Do I then lose the ability to customize the content of the token?I've been looking for a "best practice" here, but I haven't found much useful information on how to approach it.
Submitted December 05, 2017 at 01:37AM by i-downvote-memes
No comments:
Post a Comment