Comments (4)
Oh, I understand your concern, but I wouldn't worry about it: Azure AD handles around a few billion requests every day! Now how it deals with such scales is beyond me of course, but I would recommend checking out this blog post.
from active-directory-javascript-nodejs-webapi-v2.
@DarkLite1 as far as I know, the best practice for RESTful APIs is to be stateless, i.e. each request should contain all the information that the API needs to decide whether and how to respond. As such, sessions are not recommended for REST APIs, in particular with respect to scalability (e.g. your API should be able to handle requests from any client type, some of which might not be able to establish a session). Of course, this might be in conflict with your performance needs. In that case, perhaps you should reconsider your app topology - a web application, instead of SPA + web API, might be the better approach for you.
Thank you for the clarification @derisen. For me personally it would be a lot easier to not be using sessions, setting up cookies, maintaining the session store, ... But, when using a session on the backend and having a `login` graphql mutation called by the client only once, then Azure AD will also be called only once to verify the token and from that point on a session would be started to avoid calling Azure AD multiple times to verify the token.
Verifying the token with `passport.authenticate()` and `session: false` for every call is fine by me. I'm just wondering at which point Azure AD will say "Hey man, you're sending us too many verification requests, we're bailing out!".
Could you elaborate a bit on this? How will Azure handle so many requests?
Awesome! Going for a stateless API simplifies the design a lot! Thank you very much for the information. Closing this one.
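The per-request check discussed in this thread (`passport.authenticate()` with `session: false`), sketched as an added example that is not code from the thread or from the sample repository: stateless JWT bearer validation generally verifies the signature locally against signing keys the API has cached, so the identity provider is contacted for keys, not once per request. It uses only Node's `crypto`; the key pair, `kid`, audience, issuer and all function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the identity provider's signing key and key endpoint.
const idp = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KID = 'constructed-key-1';
let keyFetches = 0; // counts simulated network calls to the identity provider
function fetchSigningKeys() {
  keyFetches += 1;
  return { [KID]: idp.publicKey };
}

const b64url = (v) => Buffer.from(v).toString('base64url');

// Issues a constructed RS256 token, playing the identity provider's role.
function issueToken(claims) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: KID }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), idp.privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

let keyCache = null; // real validators also refresh this on a timer for key rollover

// Stateless check run on every request: returns the claims, or null if rejected.
function verifyBearer(token, { audience, issuer, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch {
    return null;
  }
  if (header.alg !== 'RS256') return null; // pin the algorithm, never trust the header
  if (!keyCache) keyCache = fetchSigningKeys(); // only network call, made once
  const key = keyCache[header.kid];
  if (!key) return null;
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const ok = crypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'));
  if (!ok || claims.aud !== audience || claims.iss !== issuer) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}
```

Every rejection path returns `null` without contacting the provider, so invalid or replayed tokens add no upstream load either.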