Can someone tell me why token authentication is preferred over a session cookie for private APIs?
I mean it makes sense for public APIs that you can access without an interface, but what about one that just serves a single-page app?
It's something I never understood.
Ka Lun Lee
@noinkling from my understanding, the benefit is for scaling. jwt are stateless and are sent with every request so the server doesnt need to keep track of it thus removing some stress on server . It just receives the payload (with the auth info) from the jwt, parses it, and accepts it if it matches. I remember reading something about jwt authentication working better with mobile too, but im not too sure about it. Aside from those things, i dont see much difference between session vs jwt
Is anyone familiar with HighStocks/HighCharts for making graphs?
Hi guys, I'm trying to login to my github account, in the cloud9 development environment
git config --global user.username <USerNamE>
this code is returning an error message
"bash: syntax error near unexpected token `newline'"
will you be able to help?
@Rafase282 I did my authentication for the Night coord app I am working on with JWT. I found it pretty straight forward compared with using the passport auth
Rafael J. Rodriguez
so you prefer JWT over passport-http/local?
@Rafase282 for sure, really straight forward I thought. I only done backend, but frontend should be really simple, store jwt in localstorage or in cookie, send it in header, body or url with requests to protected routes... header is prefered
For the Image Search Abstraction, does anyone have any tips for setting up the image search functionality? I've been struggling with using the google custom search api for the last day or so. I can get it to respond with search result data, but I can't seem to figure out how to limit that to results from google images, which seems to be what the example project is doing. Perhaps I'm barking up the wrong tree?
@jonslucas the best thing to do is ditch google and go with bing… yes bing, or imgur they have nice apis
Hmmm, I'll have to look into that. It's a little disappointing that I can't seem to figure it out though. It seems rather simple, like I'm just missing a certain query param in my request. And I can't seem to find the right google search term to get to the answer I'm looking for.
jonslucas sends brownie points to @darrylpargeter :sparkles: :thumbsup: :sparkles:
google search api was a bitch took me a long time to get it working, if you show me your code can try to help you (but coming form someone who used google api would say ditch it on the side of the road)
but, I guess it's not too much trouble to just scrap it and start with the bing API
register user, save user with hashed password (I used bcrypt)
login: compare hashed passwords and if ok, create JWT, (I used "jsonwebtoken" npm mod) send back in res to client
client send JWT in req, >> I did a simple middleware mod, that checks the JWT validity before routing to the protected route!
To logout user, you can simple delete token on the client side, but there are a way to revoke the token from server as well.
Protect your secret string, I put in .env
When you create token, don't forget to mask password in user object as the token is not encrypted only encoded, anyone can easily read a token
Rafael J. Rodriguez
@anders462 have you streamed before?
@jonslucas would say thats the best think bing has a module for it to make life even easyer if you google it plus 5,000 calls a month is better then 100 a day
@Rafase282 what do you use, I be happy to do it
Rafael J. Rodriguez
OBS to stream. I'm trying to fill a gap, the streams are either bonfires or FCC bug fixes or Musare, so I'm tryign to add API Backend and related front end dev while working on my project because I doubt people will sit to watch me write articles for the wiki. But the idea was to show you my api and then we can come up with a decent way to provide security, so far mine works but I'm still a noob. @anders462