ryanfitz/hapi-auth-jwt

Token created, how to handle?

technowar opened this issue · 2 comments

I have successfully created a token, and I'm wondering how I pass this thing to my client (CORS)?

For us, we just return the token in the reply and set it in the cookies with the correct domain on the client. We had to make sure that the domain we used was .domain.com, not api.domain.com or web.domain.com; we use the same base domain for our web and api.

This library doesn't create new tokens, it verifies existing ones. You should create your own login endpoint that allows a user to authenticate (check username/password) and upon success return a token in the response body. On the client side you can store the token however you want...in a cookie or in local storage.
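Added example, not part of the thread and not code from hapi-auth-jwt: the login-then-return-token flow described in the last comment, together with the base-domain cookie from the first reply, using only Node's built-in `crypto` module for an HS256 token. The names `login`, `signToken`, `verifyToken` and `clientCookie`, the user store, the salt and the secret are hypothetical and constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Constructed demo values (assumptions): real secrets come from configuration.
const SECRET = 'demo-secret-not-for-production';
const SALT = 'constructed-salt';
const USERS = new Map([['alice', nodeCrypto.scryptSync('correct horse', SALT, 32)]]);

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Issue an HS256 token with an expiry; nowSec is passed in so results are testable.
function signToken(claims, secret, nowSec, ttlSec) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`, secret))}`;
}

// Verify signature and expiry. The algorithm is fixed here, never read from the header.
function verifyToken(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return claims.exp > nowSec ? claims : null;
}

// Hypothetical login handler: check the password, return the token in the response body.
function login(username, password, nowSec) {
  const stored = USERS.get(username);
  const candidate = nodeCrypto.scryptSync(String(password), SALT, 32);
  if (!stored || !nodeCrypto.timingSafeEqual(candidate, stored)) {
    return { status: 401, body: { error: 'invalid credentials' } };
  }
  return { status: 200, body: { token: signToken({ sub: username }, SECRET, nowSec, 3600) } };
}

// What the client would assign to document.cookie to share the token across
// web.domain.com and api.domain.com, as the first reply describes.
function clientCookie(token) {
  return `token=${token}; Domain=.domain.com; Path=/; Secure; SameSite=Lax`;
}

const res = login('alice', 'correct horse', 1700000000);
console.log(res.status, clientCookie(res.body.token));
```

A cookie written from client script cannot be `HttpOnly`, so any script running on a page under the base domain can read the token.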