
Maintaining Secret key and Access Token for JWT in Express and NodeJS with Facebook in Rest API


Ad 1. You do not have to store the JWT in the database. The user ID can be part of the payload, therefore there's no need for it.

Ad 2. It's a common practice for the server side app to use one secret key for generating all JWT.

Ad 3. Check if the token has expired on each request to your API and disallow access if the token has expired, returning a 401 status code. The client app should prompt the user for credentials and request a new JWT. If you want to avoid users re-submitting the credentials, you can issue a refresh token that can later be used to generate a new JWT.

JWT refresh token flow

http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/