Eugene Ganshin

Reputation: 135

What is the best practice for working with OAuth, Express and React.js?

I don't quite understand the workflow of third-party authentication. I am trying to create an SPA with the back end on Express and the front end on React. The application should handle webhooks from the GitHub API.

I've managed to authenticate the user on my back end, but how do I send the access_token to the front end (so I can do AJAX on the front end)? GitHub allows sending AJAX requests with a bearer token. Example:

curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/user

Do I send the JWT token to the front end via query string instead? But then what do I do?

Upvotes: 1

Views: 428

Answers (1)

Gary Archer

Reputation: 29316

You can add an endpoint to your web back end such as GET /token. However, this would need to be protected via an authentication cookie that your web back end issues.

If you are building an SPA then an alternative option (which I prefer) is to be entirely cookieless. This is done via the following steps:

  • Implement authentication via the oidc-client library
  • After login the browser will receive an access token and can send it to GitHub
  • Use Express only to serve web static content

If interested in this approach, have a look at these resources of mine:

Upvotes: 1
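
An added example, not part of the original answer or its linked resources: a sketch of the first option, a GET /token endpoint that releases the GitHub token only to a request carrying a back-end-issued authentication cookie. The cookie format, the in-memory session store and the names `startSession` and `tokenHandler` are assumptions; the handlers use the Express `(req, res)` shape and would be mounted with `app.get('/token', tokenHandler)`.

```javascript
// Added example: cookie format, store and function names are assumptions, not the answer's code.
const crypto = require('node:crypto');

const COOKIE_SECRET = crypto.randomBytes(32); // per-process key; load from configuration in practice
const sessions = new Map();                   // sessionId -> { githubToken }, kept server-side

// Cookie value is "<sessionId>.<HMAC-SHA256(sessionId)>" so a client cannot forge a session id.
function sign(sessionId) {
  const mac = crypto.createHmac('sha256', COOKIE_SECRET).update(sessionId).digest('base64url');
  return `${sessionId}.${mac}`;
}

// Returns the session id if the MAC checks out, otherwise null.
function verify(cookieValue) {
  const [sessionId, mac] = String(cookieValue || '').split('.');
  if (!sessionId || !mac) return null;
  const expected = Buffer.from(sign(sessionId).split('.')[1]);
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return sessionId;
}

// Called at the end of the GitHub OAuth callback: the token stays on the server,
// the browser only receives an HttpOnly cookie (never a token in the query string).
function startSession(res, githubToken) {
  const sessionId = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, { githubToken });
  res.setHeader('Set-Cookie', `sid=${sign(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`);
  return sessionId;
}

// GET /token: only a request with a valid signed cookie and a live session gets the token.
function tokenHandler(req, res) {
  const match = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || '');
  const sessionId = match && verify(match[1]);
  const session = sessionId && sessions.get(sessionId);
  res.setHeader('Cache-Control', 'no-store'); // keep the token out of browser and proxy caches
  if (!session) return res.status(401).json({ error: 'not_authenticated' });
  return res.json({ access_token: session.githubToken });
}
```

The SPA calls `/token` with a same-origin request, holds the result in memory only, and sends it to GitHub in the `Authorization` header.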
