jean d'arme

Reputation: 4343

Easiest Node.js/Express authorization

I'm creating an API for our frontend and I'm having trouble finding the easiest solution for basic Node.js/Express authorization needs. I already have authentication in place, but I want to secure specific API routes.

Example case: a user can only fetch (and edit) his own profile, so he can't fetch someone else's just by providing an email address.

I've read about sessions and I've read about JWT. Not really sure which way to go - I don't need anything fancy, just something that will protect users' data from being fetched by unauthorized users.

I'm using MariaDB and a local authentication strategy (email/password).

Upvotes: 3

Views: 174

Answers (1)

David Vicente

Reputation: 3111

If you have a local authentication strategy already implemented, I'd add JWT for the API resources you want to protect. It's quite easy with passport libraries.

With JWT you can get the user that is sending the request and make all the security checks you need.

Upvotes: 1
