JSON web token appears to be doing no work in app #46
Comments
|
Finally _someone_ is paying attention...! 😄 What needs to be done to make this example "real wold" is: a) need to save the token on the client (e.g. to localStorage) so it can be sent back to the server on each _subsequent request_. b) add a link to And... if the person has not authenticated then visiting You have not misunderstood you've done the homework and spotted the opportunity to finish the example app. Do you have time to help "fix" this? |
|
Sure, I'd love to help finish the app! Before I get to work, it would be great to get an answer to #47 so I know which kind of storage I should use! Also, it would seem to suggest reconfiguring this app to be a one pager. I am happy to do that, but just want to check it is the appropriate approach. |
|
@rjmk You're such a 🌟 |
|
This is issue is being automatically closed as it's more than a year old. Please feel free to reopen it if it's still relevant to your project. |
Related to #5, but more extreme. Even within a session, it appears that the JSON web token is doing nothing. In my fork in which I have uninstalled json-web-token (https://github.com/rjmk/learn-json-web-tokens), I have identical behaviour to the web app. Namely:
Perhaps more illustratively, if you add a console.log for req.headers.authorization at the top of the listener, you will see it is always undefined.
I am not sure if the way you are using the authorization header to spec (http://www.ietf.org/rfc/rfc2617.txt). It appears to be only a meaningful header on the client request. The response may feature a www-authenticate header, which I have tried using with this app but to no avail yet.
Let me know if I've misunderstood anything (which is, of course, pretty likely!)
The text was updated successfully, but these errors were encountered: