markbates/goth

How to check that users are logged in?

JPFrancoia opened this issue · 2 comments

Hi,

I followed the example and I was able to implement the flow for oauth. I'm just a bit confused about what to do next, once my users are authenticated. I couldn't find any clear documentation about the rest of the process.
Apart from the /auth and /callback endpoints, all my endpoints should require an authenticated user, and I'm not too sure about how to achieve that just with goth/gothic.

Looking here:

func validateState(req *http.Request, sess goth.Session) error {

It looks like I should be able, for each request, to check if "the state" of the request matches what the server had when a user logged in?

Or, should I use goth at the beginning of the process only, to get my users' info, and then use JWT to encode the user's email/Id in a JWT token? A bit like this: #310 (comment).

Could you point me in the right direction please?

What did you decide to do?
It would be helpful.

The state is used on initial login when the user comes back from the provider, to confirm the user on callback before completing authentication. The state is discarded after gothic completes the auth process and returns the user. It is expected that you use the built-in mux sessions for authentication checks on protected endpoints. If you don't want to use sessions, then you would implement your own session management, like a JWT, cookie, or database.

Personally I don't think mux sessions work well. I use a UUID and store user session info in a Redis database, then on my front end I store the UUID via a JWT (for front-end session verification). On every call to the database I pass the UUID to the back end. This is used to confirm the session stored in Redis and grant access to protected endpoints.

All that said, from what I have seen, gothic expects the programmer to take responsibility for the session once the user is logged in.
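The pattern described in the comment above (a random server-side session ID, session data kept in a store such as Redis, and a check on every protected request) as an added Go example; it is not code from goth or from anyone in this thread. It assumes a `completeAuth` hook standing in for `gothic.CompleteUserAuth` (so the example compiles without the goth module), a `User` type with `Email` and `Name` fields chosen for this example, and an in-memory map standing in for Redis. The state from `validateState` plays no part here: it is consumed once on callback, and everything after that is the application's own session.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"net/http"
	"sync"
	"time"
)

// User is the subset of the provider profile we keep after login.
// Field names are chosen for this example, not goth's own goth.User.
type User struct {
	Email string
	Name  string
}

type sessionEntry struct {
	user    User
	expires time.Time
}

// SessionStore stands in for the Redis database mentioned in the thread;
// an in-memory map keeps the example self-contained.
type SessionStore struct {
	mu       sync.Mutex
	sessions map[string]sessionEntry
}

func NewSessionStore() *SessionStore {
	return &SessionStore{sessions: map[string]sessionEntry{}}
}

// Create issues a 128-bit random session ID (a stand-in for the UUID in the
// thread) and records the user with an absolute expiry.
func (s *SessionStore) Create(u User, ttl time.Duration) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	id := hex.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[id] = sessionEntry{user: u, expires: time.Now().Add(ttl)}
	return id, nil
}

// Lookup returns the user for a session ID; expired entries are purged.
func (s *SessionStore) Lookup(id string) (User, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.sessions[id]
	if !ok || time.Now().After(e.expires) {
		delete(s.sessions, id)
		return User{}, false
	}
	return e.user, true
}

// Delete invalidates a session server-side (logout).
func (s *SessionStore) Delete(id string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.sessions, id)
}

const cookieName = "sid"

type ctxKey struct{}

// CallbackHandler runs at /auth/{provider}/callback. completeAuth is a hook
// standing in for gothic.CompleteUserAuth (hypothetical, to avoid the goth import).
func CallbackHandler(store *SessionStore, completeAuth func(http.ResponseWriter, *http.Request) (User, error)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, err := completeAuth(w, r)
		if err != nil {
			http.Error(w, "authentication failed", http.StatusUnauthorized)
			return
		}
		id, err := store.Create(u, time.Hour)
		if err != nil {
			http.Error(w, "server error", http.StatusInternalServerError)
			return
		}
		// HttpOnly keeps the ID away from page scripts; Secure and SameSite limit where it is sent.
		http.SetCookie(w, &http.Cookie{Name: cookieName, Value: id, Path: "/", MaxAge: 3600,
			HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
		http.Redirect(w, r, "/me", http.StatusSeeOther)
	})
}

// RequireUser wraps every endpoint other than /auth and /callback: it rejects
// requests without a live session and otherwise puts the user in the context.
func RequireUser(store *SessionStore, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie(cookieName)
		if err != nil {
			http.Error(w, "login required", http.StatusUnauthorized)
			return
		}
		u, ok := store.Lookup(c.Value)
		if !ok {
			http.Error(w, "login required", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, u)))
	})
}

// UserFromContext is how a protected handler reads the authenticated user.
func UserFromContext(ctx context.Context) (User, bool) {
	u, ok := ctx.Value(ctxKey{}).(User)
	return u, ok
}
```

Wire it up with `RequireUser(store, yourHandler)` for each protected route; on logout call `store.Delete` with the cookie value so the ID is dead server-side, not merely cleared from the browser. A real deployment puts the map behind Redis with the same TTL, and the `completeAuth` hook becomes a thin wrapper that calls `gothic.CompleteUserAuth` and copies the fields it needs.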