OpenID login (pairs) using AngularJS, socket.io and node.js using JWT

I am wondering what a safe way is to log in using OpenID in my AngularJS application, with a Node.js backend and socket.io for real time.

The fact is that OpenID forces me to use a new window for the redirect dance, so my setup is:

  • AngularJS displays a view with a button (it remains open).
  • The button opens a new window and loads my server, /auth/openid/, where I set the afterword URL and redirect to the OpenID site.
  • The OpenID site redirects back to my server, /auth/afteropenid/, where I process the user data and create a JsonWebToken.

My problem is that I really don’t know what is the best way to proceed. I have to somehow send the JWT to AngularJS.

One of the ways I see is to hand the request back to AngularJS; here I could do everything in one window: angular > openidsite > angular (with a token in the query string). I would configure AngularJS to handle the route and work with the token. I don't know how safe this is; a JWT in the query string seems like a bad idea.

Another way that I see is using socket.io. My application is already using it, so I am not enabling it just for the OpenID login.

  • When I open the new window, I add the open socket's identifier:
    /auth/openid?socketID=XXXXXX
  • Then, after the OpenID site redirects back to the server, /auth/afteropenid?socketID=XXXXXX, I create a JWT and send it over socket.io to the open AngularJS socket.

, , cookie , angularJS.

, , , , , , , , . , angularJS , .

+4
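The socket.io handoff described in the question, as an added example that is not part of the original post: the server keeps a pending-login table so the popup URL carries an unguessable, single-use, short-lived value instead of the socket ID itself. The names `createLoginHandoff`, `begin`, `complete` and the in-memory `Map` are hypothetical, and the socket IDs and JWT strings in `demo` are constructed.

```javascript
const crypto = require('crypto');

// Hypothetical helper: maps a random one-time state to the socket waiting for the JWT.
function createLoginHandoff({ ttlMs = 120000, now = Date.now } = {}) {
  const pending = new Map(); // state -> { socketId, expires }

  // Called when the AngularJS client asks (over its socket) to start a login.
  // The returned state is what goes into /auth/openid?... in the popup URL.
  function begin(socketId) {
    const state = crypto.randomBytes(32).toString('hex');
    pending.set(state, { socketId, expires: now() + ttlMs });
    return state;
  }

  // Called in the /auth/afteropenid handler after the OpenID response is verified.
  // Returns the socket to send the JWT to, or null if unknown, reused or expired.
  function complete(state) {
    const entry = pending.get(state);
    if (!entry) return null;
    pending.delete(state); // single use, even when expired
    return now() <= entry.expires ? entry.socketId : null;
  }

  return { begin, complete };
}

// Constructed walk-through with a fake clock and a fake "emit to socket" sink.
function demo() {
  let t = 0;
  const handoff = createLoginHandoff({ ttlMs: 1000, now: () => t });
  const sent = [];
  const deliver = (state, jwt) => {
    const socketId = handoff.complete(state);
    if (socketId !== null) sent.push({ socketId, jwt });
    return socketId !== null;
  };
  const s1 = handoff.begin('socket-A');
  const first = deliver(s1, 'jwt-for-A');          // accepted
  const replay = deliver(s1, 'jwt-for-A');         // rejected: state already used
  const rawId = deliver('socket-A', 'jwt-other');  // rejected: socket ID is not a state
  const s2 = handoff.begin('socket-B');
  t = 5000;                                        // popup took too long
  const late = deliver(s2, 'jwt-for-B');           // rejected: expired
  return { first, replay, rawId, late, sent, stateLength: s1.length };
}
```

In a real server, `deliver` would emit the token to that socket only, and the table would need to be shared if more than one Node.js process handles requests.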

Source: https://habr.com/ru/post/1624369/

