Reputation: 989
I'm looking for best practices to implement client-server authentication (local + social). Right now I'm developing the backend & frontend separately. Earlier I did auth with the following flow:
Sign in -> receive token -> call api
I also need to find a way to add a token to a blacklist. Tech stack: node.js (sails); front-end: angular.
Also, the front-end app should be able to call the APIs of multiple servers. That means the front-end app should sign in only once at the main server and be able to call the other APIs.
I'm open to out-of-the-box solutions.
Upvotes: 1
Views: 738
Reputation: 4913
If you are using JSON Web Tokens (JWTs) as your token: you can put a unique, random value as the jti claim in the token. You store these jti values in your database and use them as your blacklist.
If you would like to read about JWT best practices for Single Page Apps with APIs, please see a blog post I've written on this topic: Token Based Authentication for Single Page Apps
Regarding out-of-the-box solutions: I work at Stormpath and we have such a solution in our Stormpath Angular SDK.
Upvotes: 1