This repository has been archived by the owner on Feb 24, 2021. It is now read-only.

Standalone config confusion #23

Closed
kev89431 opened this issue Nov 15, 2017 · 4 comments

@kev89431

First I wanna say ty for starting this project. Following the integrated example, I made the curl request:

curl -XPOST http://localhost:3002/auth/guest/register

and the response is missing the token:

{"user":{"_id":"5a0bf5d9280f3c24fe626322"}}

For the response to include the token I have to pass in standalone: true here https://github.com/nmaro/ooth/blob/master/examples/integrated/api/ooth.js#L11

I think it's confusing because standalone implies running ooth as a standalone server & I have to pass in standalone: true for the integrated example to work.

Going through the code, it looks like the only thing the standalone config does is include the token in the response? I think you could remove the standalone config altogether & return the token in the response header by default.

/status should work with the token as well?

@nickredmark
Owner

The idea is that if it is integrated you don't need any JWT token, because a cookie-based session is started.

@nickredmark
Owner

More explanations: in the standalone mode I use JWT only on authentication to pass it to the api and create a cookie-based session there, then I drop it. That's why /status also doesn't return a token.

@kev89431
Author

kev89431 commented Nov 15, 2017 via email

@nickredmark nickredmark added this to Prioritized in Ooth Nov 27, 2017
@nickredmark
Owner

nickredmark commented Nov 28, 2017

A clarification:

With ooth you can authenticate with any strategy one might implement based on passport.js, including JWT, username/password, Facebook login, Google, OAuth and so on.

If ooth is integrated, a cookie-based session is started. This surely works fine on mobile browsing. I'm not familiar with how mobile apps work - can't they use cookie-based sessions too? Remember that you can always start a session with any strategy including JWT (it would be pretty easy to create a plugin for that).

If ooth is standalone it returns a JWT that you can then pass to any external app.

Now the question is: given the above remarks, do you still need ooth to work with JWT instead of creating a session in an integrated scenario?
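
The handoff described in the owner's comments above (a JWT used once to authenticate against the API, a cookie-based session created there, the token then dropped), sketched as an added example that is not part of the thread and not ooth's own code. The HS256 shared secret, the 60-second lifetime, the `sid` cookie name and all function names are assumptions made for illustration.

```javascript
// Added example: names, secret and cookie name are assumptions, not ooth's code.
const crypto = require('node:crypto');

const SHARED_SECRET = 'constructed-demo-secret'; // constructed; shared by auth server and API
const sessions = new Map();                      // API-side session store (in-memory for the demo)

const b64url = (x) => Buffer.from(x).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SHARED_SECRET).update(data).digest();

// Auth server (standalone): issue a short-lived HS256 token after a successful login.
function issueToken(userId, now = Date.now(), ttlSeconds = 60) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const payload = b64url(JSON.stringify({ sub: userId, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`).toString('base64url')}`;
}

// API: verify the token once. Returns the claims, or null on any failure.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null; // pin the algorithm
    const given = Buffer.from(sig, 'base64url');
    const expected = sign(`${header}.${payload}`);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp * 1000 > now ? claims : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// API: trade a valid token for an opaque session id; the token itself is not stored.
function exchangeTokenForSession(token, now = Date.now()) {
  const claims = verifyToken(token, now);
  if (!claims) return null;
  const sid = crypto.randomBytes(32).toString('base64url');
  sessions.set(sid, { userId: claims.sub, createdAt: now });
  return { sid, setCookie: `sid=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/` };
}

// API: later requests (for example a /status call) carry only the cookie.
function statusFromCookie(cookieHeader) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookieHeader || '');
  const s = m && sessions.get(m[1]);
  return s ? { user: { _id: s.userId } } : { user: null };
}
```

The token here is accepted any number of times until it expires; making it single-use would need a server-side record of consumed tokens, which this sketch leaves out.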

@nickredmark nickredmark moved this from Prioritized to Doing in Ooth Nov 28, 2017
@nickredmark nickredmark moved this from Doing to Done February 2018 in Ooth Feb 7, 2018