Node js authentication in cross domain

One possible solution to get around CORS/cookie/same-domain problems is to create proxy server that will mirror all requests from localhost:3000/api to localhost:4000, and then use localhost:3000/api to access the API instead of localhost:4000.

Best way for production deployment is to do it on your web server (nginx/apache).

You can also do it in node via express and request modules, or use some ready made middleware like this one:

https://github.com/villadora/express-http-proxy

Solution with this middleware is pretty straightforward:

var proxy = require('express-http-proxy');var app = require('express')();app.use('/api', proxy('localhost:4000'));

If you want to use sessions (ie. instead of jwt, etc) I think by default they are just in-memory so it will not work as your application scales to multiple hosts. It is easy to configure them to persist though.

Seehttps://github.com/expressjs/session#compatible-session-stores

You might have tried with passport-jwt. It generates tokens as per the JWT protocol on login. Your requirement is to blacklist the generated token when you logout. To achieve that, you can create a collection in mongodb named "BlacklistToken" with fields userid and token. When the user logs out, you can insert the token and userid in the collection. Then write a middleware to check whether the token is blacklisted or not. if it is redirect to login page.