I have looked into the documentation and it looks like there is a way to log a user in via their API: https://developers.onelogin.com/api-docs/1/samples/login-user-via-api
But in the final step mentioned in that document, it says "Onelogin will start a session and insert a cookie in the user's browser". I can implement up to here.
I have a single page application hosted on S3 and my REST API is on an EC2 instance. The SPA makes requests to the REST API. The REST API doesn't have any session, so each request would need to get authenticated. Right now, I have implemented a Passport.js authentication strategy using JWT.
I would like to use OneLogin to authenticate every request at the REST API level. Inserting a cookie into the user's browser works, and I can send requests to the API, but how am I going to authenticate at the Node.js API that each incoming request is valid?
I have looked through a lot of OneLogin documentation and can't seem to find the right path.
Can anyone please help me? Maybe I am just thinking it all wrong. Any help in the right direction would be appreciated.
via mayurc