I'm creating a SPA app with Vue.js (it will be stored on a remote server), and I'm confused as to what I should use.

At first I considered the use of Passport, but I don't understand how to make an API with Passport for 1st party only. Also I don't understand how to make it quite secure if I need to send my client-secret and client-id to the server.

Then I read more about JWT, but there are no scopes for my tokens and no refresh tokens. It means that if somebody steals the token from localStorage, he will get access to this user permanently.

And one more question about token access and the API. I read a lot about different token expirations depending on the token's importance. It means a token for changing the password must be valid for a period of 5 minutes, but a token for reading some information should be valid for 6 months. Is that right, and how do I do this right?

About JWT or Passport - what should I use then?

Alexxosipov

1 Answer

If you access the API directly from the client (using Angular/React/Vue.js...), I suggest you use Passport. In Passport there is an option called Password Grant Tokens, so the user has to enter their credentials and it'll generate a token (you can adjust the lifetime of the token), and when it expires you can refresh it. And yes, if someone steals your token they can access your data.

Read this if you want to know more: https://stackoverflow.com/a/34983109/801448

Supun Praneeth