How to protect webclient pages?

FrankHassanabad / Oauth2orizeRecipes

OAuth2 security recipes and examples based on OAuth2orize

MIT License

375 stars 97 forks source link

How to protect webclient pages? #63

Open YannisMarios opened 6 years ago

YannisMarios commented 6 years ago

Hi,

How would you protect your web-client index page?

One has to login first before he can access it. How?

YannisMarios commented 6 years ago

I also do not understand why you try to login through the resource server

https.createServer(options, (req, res) => {
  if (req.url.startsWith('/api/tokeninfo') || req.url.startsWith('/oauth/token')) {
    authServer.web(req, res);
  } else if (req.url.startsWith('/login') || req.url.startsWith('/info') || req.url.startsWith('/api/protectedEndPoint')) {
    resourceServer.web(req, res);
  } else {
    localServer.web(req, res);
  }
}).listen(5090);