Closed sedge closed 9 years ago
@sedge, some food for thought:
1) Cookies vs. JWT and Why You're Doing it Wrong (non-biased comparison of cookies vs. jwt) 2) npm module for oauth tokens using passport 3) Cookie vs. JWT DFD 4) Cookies are bad for you
@yoavgurevich You've convinced me that we need to consider this carefully. I find the resources you provided overwhelming - do you understand JSON web tokens well enough to explain them? Otherwise my instinct is more research is needed.
A great article that explains the concept by itself, and also how to implement it using node.js and front end frameworks. Bam: Using JSON Web Tokens with Node.js
@yoavgurevich After doing some research on the topic, I think that tokens and sessions are equivalent in terms of difficulty in securing. I also think that tokens are easier to scale, which is a strong argument. Tokens it is!
ESTIMATE: 25 hrs DUE: Sunday, March 8th COMPLETION DATE: Day Month Date TOTAL HOURS: ASSIGNED: Yoav BLOCKS: TBD BLOCKED BY: None
Our application will use token-based authentication for authorizing the user. This has to be configured on the server side first, and incorporated into our RESTful API.
We'll be using passport for this.