leolara
commented
9 years ago @shankscoder I switched over to hapi for this reason:
https://github.com/leolara/angularjs-hapi-auth0-boilerplate
loopback didn't let me integrate the jwt with their ACL system easily, so I ended up using Hapi for the project I was doing.
Just wanted to check if there has been an update to how to use the Auth0 token to actually secure the backend API? As per your current ACL, the Messages API is exposed. How do we use Auth0 and Loopback to validate requests?
I'm assuming the JWT needs to validated, but have you looked into this yet? TIA.