My app uses an Angular2 front-end, served separately (cross-domain) from a backend server running Express, using Passport.js Google OAuth authentication.
When the user is authenticated by the server using Passport (through Google OAuth), the user data is loaded from the database and included in the credentials, which are used to determine which backend API routes they are authorized to use. (It's based off a tutorial on scotch.io that I'm sure everyone has seen: https://scotch.io/tutorials/easy-node-authentication-setup-and-local )
I want to access the user object in the front-end to enable route-guards that depend on the user's access level (defined in the user object on the server).
From this question it seems the data is sent via a JWT, which is readable on the front-end but not changeable, which is fine: https://www.reddit.com/r/angular2/comments/4ud0ac/ng2_secure_connection_front_to_back/
How do I access and read the token on the client? I can find the 'connect.sid' session cookie set by Express, but the payload of the cookie doesn't fit a standard JWT: it has 2 sections, not 3.
You are not using JWT but cookie-based sessions if you followed the tutorial. The cookie contains the session id the server uses to identify the session in the session store, and it uses that information to dig the user out of the database in deserializeUser. It is available in req.user in the backend.
You can of course add the user data to the response of every request, but if you are using cookie-based sessions, sending the user object with every response makes little sense. E.g. add a route that returns the relevant parts of req.user:
app.get('/users', function(req, res) { res.json({ username: req.user.username }); });
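As an added example (not from the answer above), here is a fuller version of that route in Express handler style: it requires an authenticated session, sends the front-end only a whitelist of fields from req.user (never the whole document, which holds OAuth tokens or a password hash), and shows that the backend still enforces the access level itself, since the front-end route guard is only a UI convenience. The field name `accessLevel` and the `requireAccessLevel` helper are assumptions, not part of the original code.

```javascript
// Fields the client is allowed to see. `accessLevel` is an assumed field name
// for whatever the user document stores to drive route guards.
const PUBLIC_USER_FIELDS = ['username', 'accessLevel'];

// Copy only whitelisted fields; everything else in req.user (tokens, hashes,
// internal ids) stays on the server.
function currentUserProfile(user) {
  const profile = {};
  for (const field of PUBLIC_USER_FIELDS) {
    if (user && user[field] !== undefined) profile[field] = user[field];
  }
  return profile;
}

// Passport's session support adds req.isAuthenticated(); reject anything else.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated && req.isAuthenticated()) return next();
  res.status(401).json({ error: 'not authenticated' });
}

// Server-side authorization: the Angular guard can hide a route, but only this
// check actually stops a request that lacks the required level.
function requireAccessLevel(minLevel) {
  return function (req, res, next) {
    const level = req.user && Number(req.user.accessLevel);
    if (Number.isFinite(level) && level >= minLevel) return next();
    res.status(403).json({ error: 'insufficient access level' });
  };
}

// GET /api/me: what the front-end reads to configure its route guards.
function meHandler(req, res) {
  res.json(currentUserProfile(req.user));
}

// Wiring in a real app (assumed route names):
// app.get('/api/me', ensureAuthenticated, meHandler);
// app.get('/api/admin/report', ensureAuthenticated, requireAccessLevel(2), reportHandler);
```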