Client Side Node Authentication
As such, I'm not sure about the practicality of SPA authentication as I'm trying to get used to my new choice.
I will serve a Node / Express application with all the API routes on /api, and the frontend will run in the root directory / (all routes will serve index.html, then client side routing will take care of the rest). So I have backend authentication configured with Passport library that works well, but how to keep server and client sessions in sync? As well as security concerns.
If I make a POST request /api/login with credentials, what do I return in response to the client? Where is the session?
My interface is Vue, so I assumed I would just pass the user data (if the credentials are correct) to the instance and have a custom object. But I'm assuming I need to store some kind of token? (JWT?)
If anyone can clarify how this client-server architecture works, that would be great.
Greetings.