We use OneLogIn for SSO and also SalesForce. We would like to have a single 
auth service that will take care of authentication and authorization to all 
our apps. 
Does this diagram look like a good approach? http://i.imgur.com/Ji1I1P4.png

Here is the suggested flow: 
email/password form -> auth service -> onelogin reply yes or no -> 
salesforce reply with user id. JWT token is created with user id, stored in 
a DB and JWT is returned to the app. The app will store the JWT in the 
localStorage (or in case of cordova in some other storage) and sends it in 
the HTTP header to every other service. 

BTW, I read conflicting articles about localStorage as a place to store JWT:
https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/
http://stackoverflow.com/questions/27067251/where-to-store-jwt-in-browser-how-to-protect-against-csrf

Opinions, links and suggestions are all welcome!

-- 
Job board: http://jobs.nodejs.org/
New group rules: 
https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: 
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
--- 
You received this message because you are subscribed to the Google Groups 
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to nodejs+unsubscr...@googlegroups.com.
To post to this group, send email to nodejs@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/nodejs/7568b93c-9635-4615-b0c0-a541cb51b2dd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.