Coder Social home page Coder Social logo

Comments (4)

derisen avatar derisen commented on July 21, 2024 1

Oh I understand your concern, but I wouldn't worry about it: Azure AD handles around a few billion requests everyday! Now how it deals with such scales is beyond me of course, but I would recommend checking out this blog post.

from active-directory-javascript-nodejs-webapi-v2.

derisen avatar derisen commented on July 21, 2024

@DarkLite1 as far as I know, the best practice for RESTful APIs is to be stateless i.e. each request should contain all the information that the API needs to decide whether and how to respond. As such, sessions are not recommended for REST APIs, in particular with respect to scalability (e.g. your API should be able to handle requests from any client type, some of which might not be able to establish a session). Of course, this might be in conflict with your performance needs. In that case, perhaps you should reconsider your app topology -a web application, instead of SPA + web API, might be the better approach for you.

from active-directory-javascript-nodejs-webapi-v2.

DarkLite1 avatar DarkLite1 commented on July 21, 2024

Thank you for the clarification @derisen . For me personally it would be a lot easier to not be using sessions, setting up cookies, maintaining the session store, ... . But, when using a session on the backend and having a login graphql mutation called by the client only once, than Azure AD will also be called only once to verify the token and from that point on a session would be started to avoid calling Azure AD multiple times to verify the token.

Verifying the token with passport.authenticate() and session: false for every call is fine by me. I'm just wondering at which point Azure AD will say "Hey man, you're sending us too many verification requests, we're baling out!".

Could you elaborate a bit on this? How will Azure handle so many requests?

from active-directory-javascript-nodejs-webapi-v2.

DarkLite1 avatar DarkLite1 commented on July 21, 2024

Awesome! Going for a stateless API simplifies the design a lot! Thank you very much for the information. Closing this one.

from active-directory-javascript-nodejs-webapi-v2.

Related Issues (12)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.