Kenmore

Reputation: 1595

Setting access token cookie in Loopback?

I want to use cookies to keep a user logged in.

On this page here they say

To use cookies for authentication, add the following to server.js (before boot):

app.use(loopback.token({ model: app.models.accessToken }));

Seemed simple enough. I figured the cookies were set by Loopback automatically during the login process, but it's still not working. I check my cookies in Chrome dev tools and none are set.

Am I missing something? Otherwise, what's the best way to hook into the login method to have it set the cookie/header?

I found docs on the loopback.token() method here, which says exactly where it checks for the token.

Upvotes: 6

Views: 4522

Answers (2)

adelriosantiago

Reputation: 8124

Here are the detailed steps:

  1. Do npm install --save cookie-parser
  2. And npm install --save express-session
  3. Modify your server.js so that you add cookieParser and define a Cookie Secret:

    var cookieParser = require('cookie-parser');

    app.use(cookieParser('a random quote'));

This code should appear before

app.set('views', './server/views');
app.set('view engine', 'ejs');

When you log in the user, create a signed cookie. It is important that it is a signed cookie because Loopback will not read unsigned cookies. For example:

router.post('/login', function(req, res) {
    User.login({
        email: req.body.email,
        password: req.body.password
    }, 'user', function(err, token) {
        if (err) {
            // Login failed: render the matching error page and stop
            if (err.details && err.code === 'LOGIN_FAILED_EMAIL_NOT_VERIFIED') {
                res.render('reponseToTriggerEmail', {
                    title: 'Login failed',
                    content: err,
                    redirectToEmail: '/api/users/' + err.details.userId + '/verify',
                    redirectTo: '/',
                    redirectToLinkText: 'Click here',
                    userId: err.details.userId
                });
            } else {
                res.render('response', {
                    title: 'Login failed. Wrong username or password',
                    content: err,
                    redirectTo: '/',
                    redirectToLinkText: 'Please login again',
                });
            }
            return;
        }

        // Signed cookie, valid for 5 minutes (maxAge is in milliseconds)
        res.cookie('access_token', token.id, { signed: true, maxAge: 300000 });

        res.render('engine', {
            email: req.body.email,
            accessToken: token.id,
            redirectUrl: '/api/users/change-password?access_token=' + token.id
        });
    });
});

And that's it.

Upvotes: 0
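
The signed/unsigned distinction this answer relies on, as an added example that is not part of the original post and is not LoopBack's or cookie-parser's own code: it models how a cookie-parser style middleware separates plain cookies from `s:`-prefixed signed ones and verifies the HMAC. `tokenFromCookies` is a hypothetical stand-in for the token lookup, assumed (from the answer's statement) to consult signed cookies only; the token id is constructed.

```javascript
// Added example: models cookie-parser's signed-cookie handling with Node's crypto only.
const crypto = require('crypto');

// Unpadded base64 HMAC-SHA256 of the value, the signature format cookie-signature uses.
function mac(value, secret) {
  return crypto.createHmac('sha256', secret).update(value)
    .digest('base64').replace(/=+$/, '');
}

// Cookie value produced by res.cookie(name, value, { signed: true }), before URL-encoding.
function signCookieValue(value, secret) {
  return 's:' + value + '.' + mac(value, secret);
}

// Split already-decoded cookies the way cookieParser(secret) does:
// plain values stay in cookies, 's:' values move to signedCookies
// (the verified value, or false when the signature does not match).
function parseCookies(rawCookies, secret) {
  const req = { cookies: {}, signedCookies: {} };
  for (const [name, raw] of Object.entries(rawCookies)) {
    if (!raw.startsWith('s:')) { req.cookies[name] = raw; continue; }
    const body = raw.slice(2);
    const dot = body.lastIndexOf('.');
    const value = body.slice(0, dot);
    const given = Buffer.from(body.slice(dot + 1));
    const expected = Buffer.from(mac(value, secret));
    const ok = dot !== -1 && given.length === expected.length &&
      crypto.timingSafeEqual(given, expected);
    req.signedCookies[name] = ok ? value : false;
  }
  return req;
}

// Hypothetical stand-in for the token lookup: only signed cookies are consulted.
function tokenFromCookies(rawCookies, secret) {
  const req = parseCookies(rawCookies, secret);
  return req.signedCookies.access_token || null;
}

// Constructed sample values; the secret is the one from the answer's cookieParser() call.
const SECRET = 'a random quote';
const TOKEN = 'constructed-token-id-0001';
const signed = signCookieValue(TOKEN, SECRET);
console.log(tokenFromCookies({ access_token: TOKEN }, SECRET));   // unsigned cookie
console.log(tokenFromCookies({ access_token: signed }, SECRET));  // signed cookie
console.log(tokenFromCookies({ access_token: signed.replace('0001', '0002') }, SECRET)); // tampered
```

An unsigned `access_token` cookie lands in `req.cookies` and is never seen by the lookup, which matches the symptom in the question; a cookie whose value was altered after signing is rejected rather than trusted.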

Kenmore

Reputation: 1595

I got it to work. The cookie wasn't being signed.

I'm pretty much new to Express and lower-level stuff like this. I remembered reading that the cookie had to be signed but it slipped my mind that I had to pass "signed: true".

My issue on GitHub if that helps anyone else.

Upvotes: 2
