Thursday, 1 August 2019

If you are doing public/private key JWT auth, where should your login route be...

If you want to break up your back-end into, say, 3 servers: 1 auth, 1 registration/login/delete user, and 1 for app-specific endpoints, how do you handle the login endpoint that creates the JWT? Is that located on the Auth server?

    const bcrypt = require('bcrypt');
    const jwt = require('jsonwebtoken');
    const database = require('../database'); // assumed path: whichever module exposes the db() handle

    module.exports = (req, res) => {
      database.db().collection('users')
        .findOne({ $or: [{ email: req.body.email }, { username: req.body.username }] })
        .then((user) => {
          // Unknown user or wrong password both get the same 400; checking for a null user
          // first avoids a TypeError on user.password that would surface as a 500.
          if (!user || bcrypt.compareSync(req.body.password, user.password) !== true) {
            return res.sendStatus(400);
          }
          const token = jwt.sign({ username: user.username, email: user.email }, process.env.JWT_KEY, { expiresIn: '12h' });
          // res.json() writes the response and returns res, not a promise, so nothing can be chained after it
          return res.json({ message: 'Login successful.', token, username: user.username });
        })
        .catch(() => res.sendStatus(500));
    };

Here's my login endpoint. Should this whole thing be in the Auth server as the only endpoint? Or do I throw to the Auth server after `if (bcrypt.compareSync(req.body.password, user.password) === true)` via an API-to-API call in order to generate the JWT and then come back to this server to execute the rest of the route?

FYI - I know that JWT verification is different from what we see here for public/private key. Let's not worry about that for now.

Thank you all for any help.

Submitted August 01, 2019 at 09:43AM by ClassicPurist
