-1

I have some questions about the login process in LoopBack 3 and modern SPA

  1. The access token generated from users/login is JWT?
  2. How to properly (safely) store a token generated from users/login on the modern SPA side? Just save them in localStorage or Cookies and after reading, attach them to API queries?
Adee
  • 357
  • 1
  • 3
  • 13

1 Answers1

1

  1. The accessToken generated by Loopback is not a JWT. It does not contain encrypted user data.

  2. You could store it as a cookie on the browser and attach it to subsequent API queries.

Usually I use Redis to store my accesstokens so that the server can be stateless. This is a better solution if you have autoscaling configured.

Sashi
  • 2,659
  • 5
  • 26
  • 38
  • Is there a way to configure Loopback 3 to generate JWT accessTokens? – Juan Ignacio Barisich Feb 07 '20 at 13:15
  • 1
    You could try these packages - https://www.npmjs.com/package/loopback-jwt-advanced or https://www.npmjs.com/package/loopback-jwt. I dont work with Loopback anymore so my answer may not be the best. Please consider asking a separate question to get help from the wider community at Stackoverflow :) – Sashi Feb 08 '20 at 01:26