Tham khảo
- Trang trủ Passport
- Ví dụ đơn giản nhất sử dụng http-bearer client browser, postman hay curl gửi access-token trong authorization header hoặc query string lên server. Server kiểm tra rồi trả về
- Hiểu passport authentication flow Tiếp theo sẽ thử nghiệm ActionHero microservice sử dụng Passport + Stragetegy http-bearer
Giải thích tại sao disable session
Disable Sessions
After successful authentication, Passport will establish a persistent login session. This is useful for the common scenario of users accessing a web application via a browser. However, in some cases, session support is not necessary. For example, API servers typically require credentials to be supplied with each request. When this is the case, session support can be safely disabled by setting the session option to false.
app.post("/secret", passport.authenticate('jwt', {session: false}), (req, res) => {
});
