Using passport oauth in angularjs with JWT

Currently, I am working on an Angularjs website that uses JWT (JSON Web Tokens) to verify if someone is logged in or not. Now I want to add some "one-click" login methods using passport / oauth, but I am finding it difficult to work out how I can pass the login details back to angularjs.

When I log in with email / password, I generate a token and pass it back to angular:

var token = jwt.sign({ _id: user._id.toString() }, JWT_SECRET);
return res.json({
  userID: user._id.toString(),
  username: user.username,
  isAdmin: user.isAdmin,
  token: token
});

And the token is used to verify login. When going through oauth, you must leave the site, and then come back, so I can't just return some token from ajax the same way.

I thought it might work to add it to my verify call (when someone refreshes the website, I run a check to see if they were logged in already). This checks for the token and returns the proper user data. Is there a way to check if passport is logged in already here as well? My verify code looks like this (JWT automagically sets the token info to req.user):

Schemas.User.findOne({ _id: req.user._id }, function (err, user) {
  if (err || !user) { return res.send(401); }
  return res.json({
    userID: user._id.toString(),
    username: user.username,
    isAdmin: user.isAdmin
  });
});

So I had a couple of issues. I wasn't using passport properly (I had forgotten to add the serialize / deserialize). Then on my auth callback I set a cookie with a JWT in it (I also didn't realize that passport also set req.user automagically), and checked for the cookie in angular. If the cookie exists, I set it to local storage, and delete the cookie. Works like a charm!
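
The cookie handoff described in the answer above, as an added example that is not part of the original post. It uses only plain JavaScript; the cookie name `jwt_handoff`, the storage key `token`, the 60-second lifetime and the cookie attributes are assumptions, and the site is assumed to be served over HTTPS.

```javascript
// Added example, not code from the original post. All names are assumptions.
const HANDOFF_COOKIE = 'jwt_handoff'; // assumed cookie name
const STORAGE_KEY = 'token';          // assumed localStorage key

// Server side: value of the Set-Cookie header sent from the OAuth callback
// before redirecting back to the Angular app. The cookie cannot be HttpOnly,
// because the client script has to read it, so it is kept short-lived and
// restricted with Secure and SameSite instead.
function buildHandoffCookie(token, maxAgeSeconds = 60) {
  return `${HANDOFF_COOKIE}=${encodeURIComponent(token)}; ` +
    `Max-Age=${maxAgeSeconds}; Path=/; Secure; SameSite=Lax`;
}

// Client side: read one cookie out of a document.cookie style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Client side: move the token into storage and expire the cookie.
// In a browser, `doc` is document and `storage` is localStorage.
function consumeHandoffCookie(doc, storage) {
  const token = readCookie(doc.cookie, HANDOFF_COOKIE);
  if (token === null) return false;
  // Expire the cookie first, so the token stops travelling with every
  // request even when the value turns out to be malformed.
  doc.cookie = `${HANDOFF_COOKIE}=; Max-Age=0; Path=/; Secure; SameSite=Lax`;
  // A compact JWT is three base64url segments separated by dots.
  if (!/^[\w-]+\.[\w-]+\.[\w-]+$/.test(token)) return false;
  storage.setItem(STORAGE_KEY, token);
  return true;
}
```

The shape check only rejects obviously malformed values; the server still verifies the signature on every request that presents the token.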
