Discussion on: OAuth Like a BOSS

Greg, The JavaScript Whisperer

Thanks for the article, I like the approach. I was wondering what your thoughts are on JWT auth with serverless, or mixing OAuth and JWT to get around rate limiting etc. and avoid cookies?

simo Author

Hi @Gregory, I'm glad you like the article.

Cookies are being used only as a mechanism to execute the OAuth flow successfully. It's a built-in feature in browsers and it's a well-understood concept. Depending on the cookie configuration you set on your end, you can expire the session after you receive the access tokens.

As for JWT tokens, once you receive back the credentials from the OAuth flow, you can generate a JWT and return that to the user.