This probably makes no sense.
I am using passport.js to authenticate users in the app using a JWT token.
This is how the token is generated:
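    jwt.sign(
      payload,
      keys.SecretKey,
      { expiresIn: 3600 * 24 * 356 }, // a numeric expiresIn is in seconds
      (error, token) => {
        // Do not report success (or send "Bearer undefined") if signing failed
        if (error) {
          return res.status(500).json({ success: false });
        }
        res.json({
          success: true,
          token: "Bearer " + token,
        });
      }
    );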
And then in each http request, I add the token in the Authorization header.
I'm trying to limit access to AWS S3 images only to logged-in users.
One way to do this is to generate a signed URL each time a user tries to access an image, like I am trying to do here, which is not perfect (at least so far).
So I wonder if I can do something, maybe use an S3 policy that would allow me to use the JWT token to give authenticated users access to S3 resources.
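The signed-URL approach mentioned in the question, as an added example that is not part of the original post: the server checks the bearer token first and only then issues a presigned S3 GET URL that expires after 60 seconds. It assumes the token is HS256-signed (the jsonwebtoken default for a string secret); `verifyBearer`, `presignGet`, `imageUrlFor` and the `cfg` shape are hypothetical names, and a real service would normally use the passport strategy and the AWS SDK presigner rather than hand-written code.

```javascript
// Added illustration: Node.js standard library only; all keys and names are constructed.
const crypto = require("crypto");
const hmac = (key, data) => crypto.createHmac("sha256", key).update(data).digest();
// RFC 3986 encoding as SigV4 expects (encodeURIComponent leaves !'()* unescaped).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

// Check an "Authorization: Bearer <jwt>" value signed with HS256.
// Returns the payload, or null on a bad header, algorithm, signature or expiry.
function verifyBearer(header, secret, now = new Date()) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(header || "");
  if (!m) return null;
  try {
    const head = JSON.parse(Buffer.from(m[1], "base64url").toString());
    if (head.alg !== "HS256") return null; // pin the algorithm, do not trust the header
    const want = hmac(secret, `${m[1]}.${m[2]}`);
    const got = Buffer.from(m[3], "base64url");
    if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
    const payload = JSON.parse(Buffer.from(m[2], "base64url").toString());
    return typeof payload.exp === "number" && payload.exp > now.getTime() / 1000 ? payload : null;
  } catch {
    return null;
  }
}

// SigV4 query-string presigning of a GET for one object (virtual-hosted style).
function presignGet({ bucket, region, key, accessKeyId, secretAccessKey, expires,
                      host = `${bucket}.s3.${region}.amazonaws.com`, now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // e.g. 20130524T000000Z
  const scope = `${amzDate.slice(0, 8)}/${region}/s3/aws4_request`;
  const path = "/" + key.split("/").map(enc).join("/");
  const query = [["X-Amz-Algorithm", "AWS4-HMAC-SHA256"],
    ["X-Amz-Credential", `${accessKeyId}/${scope}`], ["X-Amz-Date", amzDate],
    ["X-Amz-Expires", String(expires)], ["X-Amz-SignedHeaders", "host"],
  ].map(([k, v]) => `${k}=${enc(v)}`).join("&");
  const canonical = ["GET", path, query, `host:${host}`, "", "host", "UNSIGNED-PAYLOAD"].join("\n");
  const digest = crypto.createHash("sha256").update(canonical).digest("hex");
  const toSign = ["AWS4-HMAC-SHA256", amzDate, scope, digest].join("\n");
  const signingKey = scope.split("/").reduce((k, part) => hmac(k, part), "AWS4" + secretAccessKey);
  return `https://${host}${path}?${query}&X-Amz-Signature=${hmac(signingKey, toSign).toString("hex")}`;
}

// Gate: a valid token gets a URL that expires after 60 seconds; anyone else gets null.
function imageUrlFor(authHeader, key, cfg) {
  const user = verifyBearer(authHeader, cfg.jwtSecret, cfg.now);
  return user ? presignGet({ ...cfg.s3, key, expires: 60, now: cfg.now }) : null;
}
```

The presigned URL works for anyone who holds it until it expires, so the short lifetime is what bounds the exposure of a leaked link.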