re: Securing Node.js RESTful APIs with JSON Web Tokens VIEW POST

FULL DISCUSSION
 

Hvala for this handy reference!
I have implemented JWT for my Todo-List-App, to be able to also make a CLI for it. The web-frontend, and the API for Ajax-calls, work with sessions/cookies.
After I got it working, I realized that I can also use cookies for the CLI (Golang has CookieJar for this).

Now I wonder whether I should prefer JWT over Cookies for the CLI. Is there any best-practise for non-webapp-authentication? (So far I think I'll stick to sessions, so I don't have to maintain two auth-methods in the node-app.)

 

Hvala for liking it!

Yeah, I'd also suggest using sessions. I believe it's the best and safest way to implement auth. In the end, ease of use and security are what's most important.

 

I'd put the JWT in a cookie and expand the middleware to check if there is one, too. The it works like a session, it's more secure (keyword: session hijacking)

code of conduct - report abuse