Auth2 issue getting JWT token from server when different ports #416

Closed
enricribas opened this Issue Feb 8, 2017 · 3 comments


enricribas commented Feb 8, 2017

I am using two different ports for two different apps, one for client side and one for server side: 3000 for client, 3030 for server. I have set up google auth2 and on the client side have a link to go to :3030/auth/google. Perfect, that sends me to the google.com auth page and then I accept and it goes back to :3030/auth/success.
The HTML rendered from :3030 tells me success! you are logged in and we have set a cookie with JWT token, and it shows me the token onscreen. Great. So I set

```json
  "auth": {
    "shouldSetupSuccessRoute": false,
```

in my config/default.json

and in app.js, I create a route for /auth/success and this is where I'm stuck.

```js
app.get('/auth/success', (req, res) => {
  const token = req.feathers['feathers-jwt']
})
```

NOTE: Need to add app.use(cookieParser())

How do I pass this back to my client side?
Setting cookie won't work because it's a different domain (i.e. port).
Should I really pass the token in the query string? Is that best practice? Or am I missing something?

I also assume that the feathers client will not find it in the query params and I will have to manually set it into the localStorage? That also seems strange.

Is it bad practice to have two domains for client and server? It seems pretty standard to me, as I prefer having two distinct apps. I guess most people just run the client/server on the same port?

Member

marshallswain commented Feb 8, 2017

You can use query string if you are turning on full SSL. Or another option that I use is to create a simple HTML page to replace the Feathers success page. Just have a script on that page read the token from the cookie, create a new cookie for the other domain, then do a client redirect.

Member

marshallswain commented Feb 8, 2017

And keeping the apps separate is a good practice.

Author

enricribas commented Feb 11, 2017

Thank you for your advice. I will create a redirect page from the server. Seems cleaner, and hopefully the feathers-client will then automatically set the localStorage token.

@enricribas enricribas closed this Feb 11, 2017
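
One way to write the custom `/auth/success` redirect discussed in this thread, as an added example that is not code from the issue or from Feathers. It assumes cookie-parser populates `req.cookies`, a hypothetical fixed `CLIENT_URL`, and that the client keeps the token in localStorage under `feathers-jwt`; it carries the token in the URL fragment rather than the query string, so the token is not sent to the client app's server or written to its access logs.

```javascript
// Added example, not code from the issue or from Feathers.
// Assumes cookie-parser is mounted so req.cookies exists (as the issue's NOTE says).
const CLIENT_URL = 'http://localhost:3000/'; // hypothetical client app address
const TOKEN_KEY = 'feathers-jwt';            // cookie name from the issue; storage key is assumed

// A compact JWT is three base64url segments separated by dots.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Server side: build the redirect target. The destination is a fixed
// server-side constant, never a request parameter, so the route cannot be
// turned into an open redirect that forwards tokens elsewhere.
function buildClientRedirect(token, clientUrl = CLIENT_URL) {
  if (typeof token !== 'string' || !JWT_SHAPE.test(token)) return null;
  const target = new URL(clientUrl);
  target.hash = 'token=' + encodeURIComponent(token);
  return target.toString();
}

// Express-style handler: app.get('/auth/success', authSuccess)
function authSuccess(req, res) {
  const token = req.cookies && req.cookies[TOKEN_KEY];
  const location = buildClientRedirect(token);
  if (!location) return res.status(401).send('Authentication failed');
  res.set('Cache-Control', 'no-store'); // keep the token-bearing response out of caches
  return res.redirect(302, location);
}

// Client side: pull the token out of location.hash; null if absent or malformed.
function readTokenFromHash(hash) {
  const token = new URLSearchParams(String(hash).replace(/^#/, '')).get('token');
  return token && JWT_SHAPE.test(token) ? token : null;
}

// Browser only: store the token, then strip it from the address bar and history.
if (typeof window !== 'undefined') {
  const token = readTokenFromHash(window.location.hash);
  if (token) {
    window.localStorage.setItem(TOKEN_KEY, token);
    window.history.replaceState(null, '', window.location.pathname + window.location.search);
  }
}
```

The server half goes in the app on port 3030 and the client half in the app on port 3000, loaded before the Feathers client reads its stored token.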
