Adding JSON Web Token support #27

Closed
declanelcocks opened this issue Sep 28, 2015 · 3 comments

Comments

@declanelcocks

Hey, hopefully you see this post as I know it's been a while since there was any activity on this repo. I've gone through and completed your other tutorial on JWTs and was actually looking for your advice on how to implement it into this repo. So far, I've converted this repo to a fully Angular app that's using all the up-to-date dependencies etc. and am ready to implement the JWT support.

On the client, these are the changes I think I'd need to make:

  • Transfer all the auth related HTTP requests into an Auth Service of some sort.
  • When doing $http.post('/login'), I would receive a token on success and add it to $rootScope (as well as the user's data) so that it can be used throughout the app.
  • Edit the httpInterceptor to put the token in the headers for the request so that it can be checked on the server.

I think these are the only changes I would need to make, so let me know if you think otherwise. I think this approach would be exactly the same for the social logins too, and when doing all the connect routes, the client would just send the token when making an HTTP call of some sort.

On the server, things would get a little more complicated, so I'd like your advice on whether this would be a good approach:

  • Add in jsonwebtoken
  • Create a function that takes in a user and creates a token which encodes the user's _id too.
  • With the createToken function, all login or signup requests would simply create a token if the login/signup was successful and return the token/user data. I believe this is simple, but maybe I'm missing something.
  • The only other thing that would be needed is an isAuthenticated function to authenticate the routes such as connect or any update requests. So here I would check req.headers and req.headers.authorization for a token and use jwt.decode to get the data from it. If it passes all the basic checks such as expired or non-existent user, then we'd call next(); and move into the route that has successfully been authenticated.

I'm thinking that this is all I need to do, but as I said I can't help but feel I'm missing something, especially on the client side of things. Your input would be well appreciated!

@chris-sev
Member

Sounds like you're spot on on all your concepts. Have you looked into the node-jsonwebtoken package from the guys over at auth0?

That has everything you need to create tokens, verify them in some middleware, and more.

For a tutorial more on the client side of things, we have this tutorial on a Laravel + Angular JWT implementation. The client side of things will pretty much be the same since the server is just passing back a token.

@declanelcocks
Author

Thanks for your reply, I have another demo project which uses Satellizer so the client side of things should be no problem. Originally I was going to take a look at jwt-simple just to handle encoding/decoding the token, but I'll take a look at jsonwebtoken as you suggested. Thanks!

@RichardLindhout

+1
