zalando/tailor

[question] JWT auth/localStorage: what controls the global context ?

addijhaq opened this issue · 4 comments

My question is in regard to fragments/aggregation of fragments.
All of my fragments require that GET requests have an attached "global" JWT...

Is this handled by Tailor, or is there something else (Skipper?) that handles making sure that all HTTP communication has the correct headers/cookies set?

Also, is there a way for each fragment to access the global localStorage of the page in which the fragment is being loaded?

From my experience you can access the localStorage from the front-end code in any fragment. If you are trying to pass data through to the fragments you will need to use the x-request-uri header in Tailor.

> All of my fragments require that GET requests have an attached "global" JWT...

If it is inside cookies or other request headers (that were set on the client side), you can configure Tailor to pass the JWT to upstream services.
Check the parameter filterRequestHeader and the default implementation here.

> Also, is there a way for each fragment to access the global localStorage of the page in which the fragment is being loaded?

Yes, you can access global objects from any fragment if you want to share any data. Here is a response from a maintainer to a similar question.

> If it is inside cookies or other request headers (that were set on the client side), you can configure Tailor to pass the JWT to upstream services.
> Check the parameter filterRequestHeader and the default implementation here.

Let me give you an example: a user logs in, the server responds with a JWT in a header, and the home page loads; the home page has a calendar fragment and a task fragment. The calendar makes a request for data without having to set the JWT, as the homepage context includes auth: bearer token in the header... Is this possible?

If the calendar requests data only when it is rendered in the browser (on user interaction, for example), then you don't need to care about Tailor; just call your backend API in whatever way you prefer. The simplest way is for your backend to set a cookie with Set-Cookie: session=<JWT>; in that case every request from the browser will be performed with this cookie (with some exceptions according to how cookies work) and you can get the JWT in the backend from the cookie.

If you need the JWT at the step when Tailor resolves fragments (before the page is actually loaded in the browser), then again set it with a cookie, for example, and check the parameter filterRequestHeader and the default implementation here.
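
Added example, not part of the thread and not Tailor's own code: a header filter of the kind the filterRequestHeader parameter above would take, forwarding only the `session` cookie from the Set-Cookie suggestion instead of the whole Cookie header. It assumes the hook is called as `(attributes, request)` and that a fragment can be marked `public`; `filterFragmentHeaders`, `pickCookie`, the header allowlist and the sample request are hypothetical.

```javascript
// Assumption: the hook is called as (attributes, request) and returns the
// headers to send upstream. All names here are hypothetical.
const FORWARDED_HEADERS = ['accept-language', 'referer', 'user-agent'];
const SESSION_COOKIE = 'session'; // cookie name used in the thread's Set-Cookie example
// Shape check only (three base64url segments); the upstream still verifies the signature.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Return the value of one named cookie, or null if it is absent.
function pickCookie(cookieHeader, name) {
    if (typeof cookieHeader !== 'string') return null;
    for (const part of cookieHeader.split(';')) {
        const eq = part.indexOf('=');
        if (eq !== -1 && part.slice(0, eq).trim() === name) {
            return part.slice(eq + 1).trim();
        }
    }
    return null;
}

function filterFragmentHeaders(attributes, request) {
    const incoming = (request && request.headers) || {};
    const outgoing = {};
    // Assumption: fragments marked `public` must receive no client headers.
    if (attributes && attributes.public) return outgoing;
    for (const key of FORWARDED_HEADERS) {
        if (incoming[key] !== undefined) outgoing[key] = incoming[key];
    }
    // Forward only the session cookie, never the whole Cookie header.
    const token = pickCookie(incoming.cookie, SESSION_COOKIE);
    if (token !== null && JWT_SHAPE.test(token)) {
        outgoing.cookie = `${SESSION_COOKIE}=${token}`;
    }
    return outgoing;
}

// Constructed sample request (Node lower-cases incoming header names).
const SAMPLE_REQUEST = {
    headers: {
        'user-agent': 'ExampleBrowser/1.0',
        'x-internal-debug': '1',
        cookie: 'theme=dark; session=aaaa.bbbb.cccc; analytics_id=12345',
    },
};

console.log(filterFragmentHeaders({ src: 'https://calendar.example/' }, SAMPLE_REQUEST));
console.log(filterFragmentHeaders({ src: 'https://cdn.example/', public: true }, SAMPLE_REQUEST));
```

The upstream fragment service still has to verify the JWT signature and expiry itself; the filter only limits which client-supplied values reach it.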