I am writing a nodejs application that I would like to use as both a web application, as well as an API provider. Once a user is authenticated, I want to assign that user a
Simply use the access token on every request. Using a session is NOT needed. The following is the workflow:
POST /signin
/signin
When the client receives the access token from the authorization server, it can then make requests to protected resources on the server. For example:
GET /api/v1/somefunction?token='abcedf'
References
Make a secure oauth API with passport.js and express.js (node.js)
As bnuhero mentions you don't need sessions (although that approach has its merits too). Here's a boiler-plate project that I'm starting for this: https://github.com/roblevintennis/passport-api-tokens
Here's an alternative and easy to follow tut (but it DOES use sessions). Might be a nice cross-reference: http://scotch.io/tutorials/javascript/easy-node-authentication-setup-and-local
And one more reference related: http://mherman.org/blog/2013/11/11/user-authentication-with-passport-dot-js/
You can use the isAuthenticated() method in Passport in Node.js. On every route you can check if(req.isAuthenticated()), and if the user is already authenticated it will allow you to access the route; otherwise you can redirect or perform any other execution in the else block. In Passport you can return done(null, user) for a successful login and it will store the data in the cookie until the session is ended. In user you can have information about the user like email, password.
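app.get('/home', (req, res) => {
  if (req.isAuthenticated()) {
    // render home page (assumes a view named 'home')
    res.render('home');
  } else {
    // go back to the login page or throw some error (assumes a /login route)
    res.redirect('/login');
  }
});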