I did JWT authentication in my previous projects but never worked with OAuth/Passport auth before. It's been 3 days that I have been learning about Passport strategies, and I have implemented the Google+ strategy. I got a new project, and this project requires letting users sign up/sign in themselves with Google or Facebook or with a signup form using firstName, lastName, phone number and password.
- Very briefly, in JWT the server sends a token to the client, and then the client sends that particular token in the request header back to the server to have access to protected routes.
- In the Passport Google strategy, a cookie is saved in the browser and is sent to the server on each request.
What I think is:
I can't use two different approaches in one project. Like, if I use JWT for the signup form and a cookie for the Google strategy, how am I going to protect my routes then? With a token in headers or with a cookie in the browser?
Now my question is:
How can I use both in the same project?
- In the Google strategy, should I generate a JWT (token) for the client in serializeUser() or somewhere else, or what else is possible?
- Or should I save the JWT token in a browser cookie like Passport?
I presented things very briefly; I hope you get what I'm trying to do here.
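
One way to combine the two logins described in the question, as an added example that is not part of the original post: issue the same signed token after either login and let one middleware accept it from the `Authorization` header or from a cookie. The secret, the cookie name `access_token` and all function names are assumptions, and the HS256 token is built with Node's `crypto` module so the block runs without extra packages.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice
const COOKIE = 'access_token';            // hypothetical cookie name

const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue an HS256 token; call it after the signup-form login and in the Google callback route.
function issueToken(userId, ttlSeconds = 900, now = Date.now()) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: userId, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${head}.${body}.${mac(`${head}.${body}`)}`;
}

// Return the claims, or null if the token is malformed, forged, not HS256, or expired.
function verifyToken(token, now = Date.now()) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = Buffer.from(mac(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : null;
  } catch { return null; }
}

// Header first ("Bearer <token>"), then the cookie set after the Google login.
function extractToken(req) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  if (m) return m[1];
  for (const pair of (req.headers.cookie || '').split(';')) {
    const [name, ...rest] = pair.trim().split('=');
    if (name === COOKIE) return rest.join('=');
  }
  return null;
}

// Express-style middleware: the same check protects routes for both login paths.
function requireAuth(req, res, next) {
  const claims = verifyToken(extractToken(req));
  if (!claims) { res.statusCode = 401; return res.end('unauthorized'); }
  req.user = { id: claims.sub };
  next();
}
```

If the token travels in a cookie, set it `HttpOnly`, `Secure` and `SameSite`, and add CSRF protection on state-changing routes, because the browser attaches cookies automatically.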