-2

I'm trying to do google authentication in my website, where the user gets authenticated on a page. After authentication, it generates a code which contains access_token and refresh_token, and I want to send it to my Node server.

I know Xhttp is a way but I want to avoid that.
So I tried using handle bars. But they only work for html right?

Is there anyway I could use something like helpers to send my code to the server?

I tried to get around some posts like:

I'm new to Node.js so any guesses or any reference to the docs?

theAlexandrian
  • 870
  • 6
  • 18
P.hunter
  • 1,345
  • 2
  • 21
  • 45
  • You send data from a browser to a server using Ajax. In the browser, you can either use the `XMLHttpRequest` API or the newer `fetch()` API. Those are your two choices. – jfriend00 Feb 18 '18 at 05:52
  • yea actually i want to avoid `XMLHttpRequest ` and in the link above I've just found that [RequireJS](http://requirejs.org/docs/node.html) is an option too. but i'm finding a way if node has a inbuild way for it, moreover i'll have a look at `fetch()` – P.hunter Feb 18 '18 at 05:55
  • Why would you want to avoid XMLHttpRequest? That's what RequireJS uses inside. node is your server. It doesn't have anything to do with how you send data from the browser to it. You have to use one of the interfaces built into the browser. XMLHttpRequest or Fetch. It sounds like you don't really understand what's going on between browser and server and makes me wonder if you've properly described what you're trying to do. Perhaps we don't yet understand? – jfriend00 Feb 18 '18 at 05:57
  • okay, so `requireJS` uses that, but i was wondering if Node had some functionality to communicate with js files. – P.hunter Feb 18 '18 at 05:59
  • i tried to avoid that because i think it might be vulnerable however, i'm checking out [this](https://developers.google.com/web/updates/2015/03/introduction-to-fetch) – P.hunter Feb 18 '18 at 06:01
  • 1
    If you're talking about a JS file running in a web page in the browser, then node has nothing to do with the choices at all. You are limited by what the browser supports. The browser offers http requests (via XMLHttpRequest or fetch) or webSocket requests via the webSocket interface. Pick one. – jfriend00 Feb 18 '18 at 06:02
  • sure thanks, i'm certainly new to this – P.hunter Feb 18 '18 at 06:02
  • 1
    Not sure what you mean by vulnerable? Vulnerable to what? Major web pages all over the internet use XMLHttpRequest. At the base protocol level, XMLHttpRequest, fetch and webSocket all start with an HTTP request. XMLHttpRequest and fetch are just different interfaces for making the request and getting the response (fetch is a bit more modern). webSocket leads to a persistent connection on the webSocket protocol that you can keep alive for a long time and send or receive data over it. – jfriend00 Feb 18 '18 at 06:07

1 Answers1

1

One standard way is setting access token and refresh token on Cookie, so it will be sent with every http request to the backend and can be extracted on server side (node), for example if you use express:

var express = require('express');
var cookieParser = require('cookie-parser');

var app = express();
app.use(cookieParser());

this will set req.cookies with an object keyed by the cookie names.

Another option is to use http Authorization header to send the tokens.

Lena Kaplan
  • 756
  • 4
  • 13
  • So, in short the user authenticates and i get the code i set it to the cookie and after that i can get the code using `require('cookie-parser');` module right? – P.hunter Feb 18 '18 at 08:51
  • Yes. you get the value of named cookie as req.cookies.. For example if your cookie name is access_token you will get the value of that cookie by req.cookies.acess_token. as described in express docs :http://expressjs.com/en/api.html#req.cookies – Lena Kaplan Feb 18 '18 at 09:51