Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Andrew2018-12-26 05:14:43
Express.js
Andrew, 2018-12-26 05:14:43

Creating authentication on Vue+Express?

I can’t figure out what and where to use to create authentication / authorization, when there is a separate API on Express, and a client on Vue.
You need Passport.js, but what strategy should you use? Passport-local or passport-jwt? If jwt, then where to transfer the token? Is it possible without jwt? How to check it? Do I need Vuex, or can I do without it to create a simple authentication? I shoveled a bunch of lessons, but there is little intelligible. I created a simple registration, hashing passwords and that's it. On authorization I stop for the third time, after which I postpone this question. Although this is the most interesting thing in development)
The main plug now with passport.js is in the login route.

app.post('/profile', passport.authenticate('jwt', { session: false }),
    function(req, res) {
        res.send(req.user.profile);
    }
);

It's completely unclear to me where it's supposed to accept credentials here for validation. It looks like some kind of magic - passport.authenticate => VZHOH => you are logged in. :/
Yes, there is a separate passport.js file, but it's still scarier.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
L
lavezzi1, 2018-12-26
@lavezzi1

Here is an option on how to implement authorization on the Vue side - https://medium.com/@pavelgonzales/best-practices-%...
The same can be easily found on Express. And be guided by your needs.

Report
D
Dmitry Makarov, 2019-04-28
@MDiMaI666

jwt is more complex, cookies are simpler and work everywhere

Report
R
Renhor, 2019-06-21
@Renhor

I recently dealt with the issue myself. Specifically, in your piece of code, you must transfer your JWT token from the client, the passport decrypts it, and if it matches the desired user, then you have been authorized. At the same time, as far as I understand, it is impossible to fake this token without knowing the secret key, just steal it.
Detailed lessons that helped me - Here
From about 42-43 lessons

Similar questions
I
Igor2019-10-10 16:36:25
Is there subline text on android? 1Reply
L
learn0012016-04-25 10:55:40
What does this mean when connecting the module? 3Reply
H
Hiroshima2020-08-22 07:27:30
Why is express not installed? 1Reply
S
Stacy None2019-01-17 08:53:20
How to check multiple input fields for text? 4Reply
S
snackovich2014-03-16 11:59:58
What is the admin panel for a node.js (Express) project? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question