JWT auth about mern-starter HOT 7 CLOSED

do a PR for this, everyone can chime in and comment on your pr to make improvements if needed. I would image this would need to be created on a new branch as this would be a major change which would include new models and controllers for users on server, as well as new actions, reducers, etc on client.

I am curious how this gets passed to react and redux myself

from mern-starter.

@sandeeppanda92 should we first implement user first in server/client, maybe open new issue? should we create a branch for this? thought once we have user implemented we could apply JWT after, This brings up the bigger question as well social-signin along with caching and sessions 👍

We could use passport with this. From passport-local examples: (with the JWT token added)

// POST /login
//   This is an alternative implementation that uses a custom callback to
//   achieve the same functionality.
app.post('/login', function(req, res, next) {
  passport.authenticate('local', function(err, user, info) {
    if (err) { return next(err) }
    if (!user) {
      return res.json(401, { error: 'message' });
    }

    //user has authenticated correctly thus we create a JWT token 
    var token = jwt.encode({ username: 'somedata'}, tokenSecret);
    res.json({ token : token });

  })(req, res, next);
});

from mern-starter.

@sylvainlap JWTs don't have to be stored in localStorage.

Did you take a look at https://github.com/lynndylanhurley/redux-auth?
It looks quite promising.

They use cookies as a JWT store and pass them in on the sever side via req.headers.cookies.

from mern-starter.

@HaNdTriX 1+

from mern-starter.

if exactly as @HaNdTriX says you have to keep the token in localStorage and I'm moving on how to do this JWT auth feel free to suggest things to make it better

from mern-starter.

I'm adding auth to my MERN project, using react-cookie to store the token, and ran into a problem when it comes to routing. To limit certain routes to authenicated users I made an onEnter method for the Route which involves accessing the store. Any tips on how to get the store in the routes file?

If anyone's curious, what I've done so far:
In actions.js, save the cookie in a loginSuccess function, load the cookie in a loadAuth function, and set the cookie as the authorization header in the action that I want to limit authorization.
In server.js, use react-cookie's plugToRequest.
In App.js, added a componentWillMount method that checks for auth and calls the loadAuth action if necessary.

Got these ideas from this thread:
erikras/react-redux-universal-hot-example#608

from mern-starter.

Authentication is something which will vary from project to project. Generally, it is not a good idea to have authentication in a boilerplate project. But, we could have the mern-cli clone a different project which has implemented JWT auth using mern for the people who want that. It can look something like this,

mern list

can output something like this

Available variants
--------------------------
passport-auth - MERN with passport.js
jwt-auth - MERN with JWT auth
redux-saga - MERN with redux-saga

You can clone a particular variant using

mern newApp jwt-auth

I've created a separate discussion thread for this at Hashnode/mern-cli#10. I'm closing this in favour of that. We can continue the discussion there.

from mern-starter.