Question: solution for CORS authentication?

[olalonde]

Hi. I have a single page app at mydomain.com which talks to an api at api.mydomain.com. Cookie-based authentication is a bit a PITA especially when dealing with stuff like protecting against CSRF. I was wondering if passport had an authentication method which would be a good match for this use case.

https://github.com/auth0/express-jwt seems like it would probably be a good fit but I'm not sure how to integrate it with passport.

[olalonde]

Ah, just found http://stackoverflow.com/questions/20228572/passport-local-with-node-jwt-simple which seems to combine express-jwt and passport. Looks like https://github.com/xtuple/passport-oauth2-jwt-bearer might be useful as well.

[jshemas]

Thanks for the SO link, that was just what I was looking for!