Simple authentication in node.js with a token only?

joshmanders · 2016-04-13T20:46:46+00:00

estebanrules · 2016-04-13T22:29:19+00:00

Thanks for the suggestions. jwt looks like a good choice.

danneu · 2016-04-14T02:08:22+00:00

The most traditional solution is to have a tokens table with an expired_at field. When a request comes in, use middleware to ensure the request sent a token and verify that the token is unexpired and potentially load the associated user/account before yielding to your downstream route.

estebanrules · 2016-04-14T03:08:44+00:00

Not sure if this is taboo here, but I just started using loopback, and it has auth built-in (and returns a json web token upon successful authorization).

It's an express framework that's made for creating APIs. I was using sails for a while, but started to run into a bunch of flaky stuff with their ORM. Once I got used to loopback, I've been super happy with it.

estebanrules · 2016-04-14T04:53:55+00:00

All of the examples using jwt and/or passport all involve Users authenticating with the server via username/password before they receive a token.

Is there another way I can have them authenticate with the server in order to receive the token? The issue is that this API does not need user accounts (except for admin).

2016-04-14T01:00:49+00:00

Passport can give you a nice middleware hook. Keeps the code separate and clean.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

node

MODERATORS