How to know if user is loggedin in with passport.js across subdomains

I have created two Mean.io apps, in domain.com and in sub.domain.com respectively, and everything works as expected in both, but the problem is that the one in the subdomain (sub.domain.com) needs to know if the user is logged in to the main app (domain.com).

I know that passport handles sessions and knows if the user is logged in because it creates a user object in req for every request in express.js:

if (req.user) {
    // logged in
} else {
    // not logged in
}

The inconvenience here is that this approach works from within the domain but not outside it. In other words, if I make a request to the backend like this:

$http.get('/api/users/me').success(this.onIdentity.bind(this));

from domain.com, this will be populated with user data, but if I make the same request directly from the browser, for example, it returns null.

I need to understand how I could pass this information across domains. And every time this request $http.get('/api/users/me').success(this.onIdentity.bind(this)); is made, is information passed to the backend?

Leonardo Lanchas asked Nov 10 '22 07:11


1 Answer

I found the answer after some deep research.

Short answer: it is impossible using localStorage (data is only accessible by domain; not even for subdomains), which is the tool Mean.io now uses to store user information.

Long answer: every time you send a request to the backend while logged in, Angular intercepts the request before actually sending it (this post explains this: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/) and adds an authorization header like this:

headers: 

{
     ...
     authorization: 'Bearer eyJhbGciOiJIUzI1NiJ9.JTdCJTIyX2lkJTIyOiUyMjU1ZDFjYmIxNDA..._rUsUBFxCQy3qqUGi9QGVD0YXCEk0', 
     ...
}

which passport later employs to serialize user info into session and put it in req.user. The Bearer token is stored in localStorage and for that reason it's impossible to get it from outside the domain. The only way I came up with was with cookies with domain = '.domain.com' so that every subdomain could read those cookies.

Leonardo Lanchas answered Nov 14 '22 22:11