I am using android, nodeJS and postgreSQL to build a aplication, and I have a problem that I don't know how to solve :/.
Basicly everytime i login i retrieve a JWT token and store it on the SharedPreferences on android, if the user already has a token in the preference i check if it has already expired or not but that are other stories.
The important to understand for me is related to the decoding of this JWT, when i login i need to decode this token to show the user information
Should i decode it on the mainActivity and pass it trought activitys with intents?
or should i decode it every request?
i have a function that decode my jwt token but just if the user does a request, like this:
var express = require('express');
var User = require('../models').User;
var router = express.Router();
var jwt = require('jsonwebtoken');
// route middleware to verify a token
module.exports = function () {
return function (req, res, next) {
// check header or url parameters or post parameters for token
var token = req.body.token || req.query.token || req.headers['x-access-token'];
// decode token
if (token) {
// verifies secret and checks exp
jwt.verify(token, app.get('superSecret'), function (err, decoded) {
if (err) {
return res.json({ success: false, message: 'Failed to authenticate token.' });
} else {
// if everything is good, save to request for use in other routes
req.decoded = decoded;
next();
}
});
} else {
// if there is no token
// return an error
return res.status(403).send({
success: false,
message: 'No token provided.'
});
}
}
};
what is the best way to solve my problem? i can't figure out :S
via Cris dois
No comments:
Post a Comment