Recommendations for working with JWTs and Sessionless APIs? #137
Comments
|
I'm fighting this myself and debating what direction I want to take my project. I'm about 1/2 ACL and 1/2 middleware - but have to support JWT. I've tried working a Did you figure anything out? |
|
Hi, I guess the right way to go would be to implement a JWT backend to get the info from the token, to be used instead of one of the existing backends (redis, mongo, memory). I'll try to share anything I can come up with on that topic. /Yoann |
|
Did any of you end up solving this? Did you do it with |
|
Hi there. |
|
I am using meanjs.org in some of my projects and have implemented JWT on top of it. After passport authenticates using jwt, the user is set in req.user. You can then use acl.middleware() to get the user info from req.user and check for your permissions. |
|
@vigneshnrfs That will not work very-well with stateless api's which is exactly JWT's good for. Currently I re-wrote the middleware myself to read roles from JWT's, it treats sub as userId and role as a role claim from JWT. |
Hi there,
I notice that the user details is taken out of session store, is there a recommended way to handle this for the case where I intend to use a stateless authentication technology (such as JWT) ?
A solution that comes to mind is to simply have my JWT authentication middleware populate the session.id object before passing it on to ACL?
Thanks!
The text was updated successfully, but these errors were encountered: