I'm building a single page app built on Angular for the front-end and sailsjs for the backend. Right now I'm using sails-auth (which uses passportjs internally) to bind my authentication logic to my user model.
I have multiple passport providers installed and available on my frontend, such as passport-github and passport-facebook, but also a classic passport-local so that the user can also sign up and log in with just his username & password.
I would like my clients (The single page app, and maybe others in the future) to use a token after the auth instead of cookies/sessions so that it's easier to scale and cross-domain requests will also be easier. It will also make mobile integration much easier.
I know I have to use callbacks for OAuth providers, here is the flow that I'm aiming for :
I know that I can replace my sails-auth's sessionAuth policy by a tokenAuth policy that can read the token from the headers and query a Tokens model for example, but then my questions are:
policies/passport.js shows that by default it relies on built-in sessions to persist login/to serialize & deserialize the userID. How do I decouple it from sails built-in sessions so that it generates a token for the user and serves back my index with the token embedded? Thank you in advance!
On the auth route, you could go for passport.js based authentication in the backend (without session), use the token for tokenAuth and forward the token to the user.
Then for secure routes, you could place a verifyToken call in your policy (intercept each route).
Disclaimer: I haven't tried this myself.
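The token flow discussed above, sketched as an added example that is not part of the original question or answer: a signed, expiring token is issued once passport has authenticated the user, and a tokenAuth policy verifies it on each request instead of reading the session. The helper issueToken, the token layout, and the TOKEN_SECRET variable are assumptions made for illustration; only Node's built-in crypto module is used.

```javascript
// Added example: stateless token policy in the shape of a Sails policy (req, res, next).
const nodeCrypto = require('node:crypto');

// Assumption: the secret comes from configuration; random fallback for this demo only.
const SECRET = process.env.TOKEN_SECRET || nodeCrypto.randomBytes(32).toString('hex');

const sign = (data) =>
  nodeCrypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Hypothetical helper: call it at the end of the passport callback (local or
// OAuth) once the user is known, and hand the result to the client.
function issueToken(userId, ttlSeconds = 3600, now = Date.now()) {
  const payload = Buffer.from(
    JSON.stringify({ sub: userId, exp: Math.floor(now / 1000) + ttlSeconds })
  ).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns the claims, or null for any malformed, forged or expired token.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now / 1000) return null;
  return claims;
}

// Policy: reads "Authorization: Bearer <token>" instead of the session.
function tokenAuth(req, res, next) {
  const header = (req.headers && req.headers.authorization) || '';
  const match = /^Bearer (.+)$/.exec(header);
  const claims = match && verifyToken(match[1]);
  if (!claims) return res.status(401).json({ error: 'invalid or missing token' });
  req.user = { id: claims.sub };
  return next();
}
```

In a Sails project the policy would be exported with module.exports from its own file under the policies directory, and passport would be invoked with its session option disabled so that no session is written.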