Tuesday, 16 July 2019

If you sign a JWT with the exact same password on two separate servers...

Let's say you have a Heroku cluster with an Express app that handles user registration, login, and updating, and another Heroku cluster with an Express app that handles file uploads, and both APIs use the same secret key to sign their JWT, and obviously both check against that secret when you make a call to the API that requires authorization.

Does this mean that a JWT the client received from Cluster #1 would work on protected routes in Cluster #2 and vice-versa? It must, right?

And if so, isn't there value in breaking up an API in this way for readability/maintainability/modularization? Or is there something I'm not thinking of here?

Submitted July 17, 2019 at 06:28AM by ClassicPurist
