Hvala for this handy reference!
I have implemented JWT for my Todo-List-App, to be able to also make a CLI for it. The web-frontend, and the API for Ajax-calls, work with sessions/cookies.
Now I wonder whether I should prefer JWT over Cookies for the CLI. Is there any best practice for non-webapp-authentication? (So far I think I'll stick to sessions, so I don't have to maintain two auth-methods in the node-app.)
Hvala for liking it!
Yeah, I'd also suggest using sessions. I believe it's the best and safest way to implement auth. In the end, ease of use and security are what's most important.
I'd put the JWT in a cookie and expand the middleware to check if there is one, too. Then it works like a session, it's more secure (keyword: session hijacking).