Thank you Alexander! So maybe I don't even need to store anything in a DB?

On Tuesday, August 4, 2015 at 6:13:51 AM UTC-7, Alexander Behrens wrote:
>
> > JWT token is created with user id, stored in a DB and JWT is returned to the app.
>
> Do you mean that the user id is stored in a DB, or do you store the JWT in a DB?
> If you are storing the JWT, there is no point in using JWT :)
>
> > The app will store the JWT in the localStorage
>
> I always thought this was a good approach. But that way you will never get
> the JWT when the user initially loads the web app. You always have to
> render some boilerplate HTML and then let the client-side JavaScript do the
> authentication call for you.
>
> On Tue, Aug 4, 2015 at 4:01 AM, josh <macmilla...@gmail.com> wrote:
>
>> We use OneLogIn for SSO and also SalesForce. We would like to have a
>> single auth service that will take care of authentication and authorization
>> for all our apps.
>> Does this diagram look like a good approach?
>> http://i.imgur.com/Ji1I1P4.png
>>
>> Here is the suggested flow:
>> email/password form -> auth service -> onelogin reply yes or no ->
>> salesforce reply with user id. JWT token is created with user id, stored in
>> a DB and JWT is returned to the app. The app will store the JWT in the
>> localStorage (or, in the case of cordova, in some other storage) and send it in
>> the HTTP header to every other service.
>>
>> BTW, I read conflicting articles about localStorage as a place to store
>> JWT:
>>
>> https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/
>>
>> http://stackoverflow.com/questions/27067251/where-to-store-jwt-in-browser-how-to-protect-against-csrf
>>
>> Opinions, links and suggestions are all welcome!

--
Job board: http://jobs.nodejs.org/
New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com.
To post to this group, send email to nodejs@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/d552ecee-570f-4c36-8f83-bad78f1edbbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
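
The point raised in the thread, that each service can check a signed JWT from the HTTP header without looking it up in a DB, shown as an added example that is not part of the original messages. It assumes HS256 with a secret shared between the auth service and the other services; `SECRET`, `issueToken` and `verifyAuthHeader` are hypothetical names.

```javascript
// Added example: stateless HS256 JWT issue/verify using only Node's crypto module.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: shared by auth service and APIs

const b64url = (buf) =>
  Buffer.from(buf).toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

const sign = (data, secret) =>
  b64url(crypto.createHmac('sha256', secret).update(data).digest());

// Auth service: called after the SSO check succeeds. Nothing is written to a DB.
function issueToken(userId, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, SECRET)}`;
}

// Any other service: validates the Authorization header with the secret alone.
function verifyAuthHeader(authHeader, now = Math.floor(Date.now() / 1000)) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!match) return { ok: false, reason: 'malformed' };
  const [, header, payload, sig] = match;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64')).alg;
    claims = JSON.parse(Buffer.from(payload, 'base64'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; never let the token choose it (rejects "alg":"none").
  if (alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
  const expected = Buffer.from(sign(`${header}.${payload}`, SECRET));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: 'bad-signature' };
  // Without a DB there is no revocation list, so expiry is the only cut-off.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now)
    return { ok: false, reason: 'expired' };
  return { ok: true, userId: claims.sub };
}
```

Because nothing is stored server-side, a token stays valid until its `exp`, so the lifetime passed to `issueToken` is the only control over how long a leaked token is usable.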