search

waterlock / waterlock-local-auth

Local authentication method for waterlock
http://waterlock.ninja/
MIT License
39 stars 83 forks source link

Return jwt on successful login #35

Closed wimvanhouts closed 9 years ago

wimvanhouts commented 9 years ago

Hi,

why isn't the appropriate token not return after a successful call of the aut/login function in the response body? The call to user/jwt seems like yet another call, and, how are both calls linked to each other in this scenario? Do you use session or cookie to achieve this, and if so, doesn't that beat the whole point of using tokens in the first place?

Kind regards,

Wim

wayne-o commented 9 years ago

There is a config switch for this- pretty sure the PR was merged in? On Tue, 14 Jul 2015 at 20:12, Wim Van Houts notifications@github.com wrote:

Hi,

why isn't the appropriate token not return after a successful call of the aut/login function in the response body? The call to user/jwt seems like yet another call, and, how are both calls linked to each other in this scenario? Do you use session or cookie to achieve this, and if so, doesn't that beat the whole point of using tokens in the first place?

Kind regards,

Wim

— Reply to this email directly or view it on GitHub https://github.com/waterlock/waterlock-local-auth/issues/35.

wimvanhouts commented 9 years ago

What would be the name of the config switch to enable this?

wimvanhouts commented 9 years ago

Ok, went through the list of PR's on the main waterlock project and found the solution. Instead of login success action to ''default" it must be set to "jwt", and in waterlock.js config file, it is best to set includeUserInJwtResponse to true, so you get all the information of the user at once. This makes it possible to work with sessions to get the token and works better in load balanced environment. Thx for the great component, but good docu seems to be missing at this time. Will try to write an article on it...

wayne-o commented 9 years ago

I'll spend some time in the next week synchronising things and see if I can push it along a bit. I'm relatively new to the project so can't take any credit for it :) Docs definitely need updating and I'll see if I can get some of the PRs merged in.

On Tue, 14 Jul 2015 at 20:46, Wim Van Houts notifications@github.com wrote:

Ok, went through the list of PR's on the main waterlock project and found the solution. Instead of login success action to ''default" it must be set to "jwt", and in waterlock.js config file, it is best to set includeUserInJwtResponse to true, so you get all the information of the user at once. This makes it possible to work with sessions to get the token and works better in load balanced environment. Thx for the great component, but good docu seems to be missing at this time. Will try to write an article on it...

— Reply to this email directly or view it on GitHub https://github.com/waterlock/waterlock-local-auth/issues/35#issuecomment-121354924 .

wayne-o commented 9 years ago

Ok so the documentation for this is on the main Waterlock README.md: https://github.com/waterlock/waterlock#config

Closing this now - feel free to re-open if you feel there is anything that needs adding / amending