You have your user accounts in a db. When a user logs in, you verify his
account. You store all the information you might need in the future in the
claim of the JWT. You create the JWT and send it back to the user. With
this JWT the user can now log in from anywhere, anytime until the JWT
expires. You verify the user by decoding the JWT. The whole point of having
JWT is to not store them in a db.

On Wed, Aug 5, 2015 at 7:40 AM, josh <macmillan.jos...@gmail.com> wrote:

> Thank you Alexander!
>
> so maybe I don't even need to store anything in a DB?
>
> On Tuesday, August 4, 2015 at 6:13:51 AM UTC-7, Alexander Behrens wrote:
>>
>> > JWT token is created with user id, stored in a DB and JWT is returned to the app.
>>
>> Do you mean that the user id is stored in a DB, or do you store the JWT in a DB?
>> If you are storing the JWT, there is no point in using JWT :)
>>
>> > The app will store the JWT in the localStorage
>>
>> I always thought this was a good approach. But that way you will never
>> get the JWT when the user initially loads the web app. You always have to
>> render some boilerplate HTML and then let the client-side JavaScript do the
>> authentication call for you.
>>
>> On Tue, Aug 4, 2015 at 4:01 AM, josh <macmilla...@gmail.com> wrote:
>>
>>> We use OneLogIn for SSO and also SalesForce. We would like to have a
>>> single auth service that will take care of authentication and authorization
>>> to all our apps.
>>> Does this diagram look like a good approach?
>>> http://i.imgur.com/Ji1I1P4.png
>>>
>>> Here is the suggested flow:
>>> email/password form -> auth service -> onelogin reply yes or no ->
>>> salesforce reply with user id. JWT token is created with user id, stored in
>>> a DB and JWT is returned to the app. The app will store the JWT in the
>>> localStorage (or in case of cordova in some other storage) and sends it in
>>> the HTTP header to every other service.
>>>
>>> BTW, I read conflicting articles about localStorage as a place to store
>>> JWT:
>>>
>>> https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/
>>>
>>> http://stackoverflow.com/questions/27067251/where-to-store-jwt-in-browser-how-to-protect-against-csrf
>>>
>>> Opinions, links and suggestions are all welcome!
>>>
>>> --
>>> Job board: http://jobs.nodejs.org/
>>> New group rules:
>>> https://gist.github.com/othiym23/9886289#file-moderation-policy-md
>>> Old group rules:
>>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "nodejs" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to nodejs+un...@googlegroups.com.
>>> To post to this group, send email to nod...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/nodejs/7568b93c-9635-4615-b0c0-a541cb51b2dd%40googlegroups.com
>>> <https://groups.google.com/d/msgid/nodejs/7568b93c-9635-4615-b0c0-a541cb51b2dd%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
