
Node: Sending JSON Web token to client with page redirect

I am using Node Express to build my backend server. Additionally, authentication in my application happens with Passport-SAML. I am using JWT to maintain user sessions. So the flow is:

  1. The user calls the login endpoint.
  2. They are redirected to the SAML identity provider.
  3. The provider verifies the user and sends an authorization back to the server on a callback URL.
  4. I am using the POST callback URL to authenticate and then create a token for the user to perform authorization and session management.

The callback POST endpoint also has a page redirect. And from what I have learned so far, res.status and res.redirect cannot be in the same endpoint, for obvious reasons. I have been trying to find the right approach to it; any help is greatly appreciated.

router.route('/login')
.get(
    passport.authenticate(config.passport.strategy,
      {
        successRedirect: '/',
        failureRedirect: '/login'
      })
);

router.route(config.passport.saml.path)
.post(
    passport.authenticate(config.passport.strategy,
      {
        failureRedirect: '/',
        failureFlash: true
      }),
    function (req, res) {
      res.redirect('/');
      var token = Verify.getToken(req.user.saml);
      return res.status(200).json({
        status: 'Login successful!',
        success: true,
        token: token
      });
      console.log(token,'yes');

    }
);
shubhammakharia asked Aug 25 '17 13:08


1 Answer

You've got an array of options here

Cookie

res.cookie('token', token, ...);
res.redirect(...);

URL parameter

res.redirect(`/some/url?token=${token}`);

Custom header

res.set('x-token', token);
res.redirect(...);
James answered Oct 02 '22 10:10
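
The cookie option from the answer above, written out as an added example (not code from the question or the answer): the handler sets the token cookie and then sends a single redirect response, with attributes that keep the JWT out of page scripts, plain HTTP and the URL. The names TOKEN_COOKIE, COOKIE_OPTS, samlCallback, readToken and fakeRes are hypothetical, and the 15-minute lifetime is an assumption.

```javascript
// Added example: cookie hand-off on the SAML callback, then redirect.
const TOKEN_COOKIE = 'token';

const COOKIE_OPTS = {
  httpOnly: true,          // page scripts cannot read the token
  secure: true,            // only sent over HTTPS
  sameSite: 'lax',         // still sent on top-level GET navigations
  path: '/',
  maxAge: 15 * 60 * 1000,  // ms; assumption: keep in line with the JWT expiry
};

// Final handler for the callback route, placed after passport.authenticate().
// getToken stands in for Verify.getToken from the question.
function samlCallback(getToken) {
  return function (req, res) {
    const token = getToken(req.user.saml);
    res.cookie(TOKEN_COOKIE, token, COOKIE_OPTS); // header is set first
    return res.redirect('/');                     // exactly one response is sent
  };
}

// Read the token back on later requests from the raw Cookie header.
function readToken(req) {
  const header = (req.headers && req.headers.cookie) || '';
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === TOKEN_COOKIE) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Constructed stand-in for Express's res, recording what the handler did.
function fakeRes() {
  const calls = { cookies: [], redirect: null };
  return {
    calls,
    cookie(name, value, opts) { calls.cookies.push({ name, value, opts }); return this; },
    redirect(url) { calls.redirect = url; },
  };
}
```

In the question's route this would be mounted as the last argument to `.post(...)`, for example `samlCallback(Verify.getToken)`.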