[英]oAuth on the front end or server side?
I have a MERN app (react on the front end and node, express, and Mongo on the back end)我有一个 MERN 应用程序(在前端和节点上反应,快递和后端在 Mongo 上反应)
I'm looking to implement oAuth login for the users to login.我希望为用户实现 oAuth 登录。
So far I am using the Google api to do the auto on the front end and then sending the token to the server where I get the Google user and check the database if the user ID exists or create a new user and return a jwt for future authentication.到目前为止,我正在使用 Google api 在前端执行自动操作,然后将令牌发送到我获取 Google 用户的服务器并检查数据库是否存在用户 ID 或创建一个新用户并返回一个 jwt 以备将来使用验证。
Now I'm looking into using passportjs as my oauth Middleware (mainly because I need to have more Auth providers like Facebook etc.) but is it a good idea to only do the Auth one the server?现在我正在考虑使用passportjs作为我的oauth中间件(主要是因为我需要有更多的Auth提供者,比如Facebook等)但是只在服务器上进行Auth是一个好主意吗?
I am also looking into using auth0 which has both front end and server side options but also unsure which strategy is better.我也在考虑使用具有前端和服务器端选项的 auth0,但也不确定哪种策略更好。
Any help is greatly appreciated.任何帮助是极大的赞赏。
I've spent some nights with this recently.我最近花了几个晚上。 This one helped me a lot .
这对我帮助很大。
Generally:一般来说:
const loginGoogle = async () => {
const loadGapi = () =>
new Promise((resolve, reject) => {
const script = document.createElement('script');
script.src = 'https://apis.google.com/js/api.js'; //loading gapi Script
console.log('SCRIPT: ', script);
script.onload = () => {
console.log('GAPIS SCRIPT LOADED');
gapi.load('auth2', () => {
const auth2 = gapi.auth2.init(options);
console.log('AUTH2: ', auth2);
resolve(auth2);
});
};
document.body.appendChild(script);
});
const ath2 = await loadGapi();
const code = await ath2.grantOfflineAccess();
return PostApi('auth/getgoogletoken', code); // sending to server for further processing
};
Let me know, if I can provide you with further info, I have implemented it with nginx/node/passport and react in frontend.让我知道,如果我可以为您提供更多信息,我已经使用 nginx/node/passport 实现了它并在前端做出反应。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.