Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

2
What is a good shared token authentication strategy for multiple apps?
Post Body

Currently we have a single Flask API that serves our mobile application. It uses short-lived JWT tokens with a refreshing mechanism for authentication and that all works fine.

We need to add a chat server, which is something that we'd like to create a separate API for (probably in Node). The difficulty is how to manage sharing authentication between the two. Specifically anyone using the chat must have a valid token retrieved from the Flask API.

Can our Node app check the validity of the token if we have it setup with the same JWT secret as in the flask API?

If we find that a token is expired from the Node app, how can we manage refreshing the tokens?

Author
Account Strength
60%
Account Age
8 years
Verified Email
No
Verified Flair
No
Total Karma
617
Link Karma
360
Comment Karma
176
Profile updated: 5 days ago
Posts updated: 2 months ago
skyloather123

Subreddit

r/webdev

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
8 years ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/webdev/comm...