So I have a Node.js server based on the Sails.js framework and I have successfully implemented passport.js in a way that:
(login) POST /auth/local: if validated, returns ID, Username and Email address.
(register) POST /auth/local/register: when registered, returns ID, Protocol, Hashed password, UserID and an accessToken.
Now in my PhoneGap (Ionic framework) app I need to keep some data to make a login request automatically every time the user opens the app. I used to save the password and the username locally, but I understood that it's a very serious security hole.
Should I use a more secure localStorage? Should I use it at all? Should I just save the userID? Please clear this issue up for me.
First of all, if you're not aware of it, you should read the OAuth 2.0 protocol documentation. But I'm warning you that it can be quite complex, and how you implement it is up to you.
This is a package for PHP, but in its wiki it sums up pretty well the four types of grant that you can achieve with OAuth:
In your case I think that the Resource Owner Password Credentials Grant is enough, but then again, that's up to you.
I have found these two npm packages that maybe can help you out: node-oauth20-provider and Sails-OAuth2-API