Using with a traditional Express app

[richardhomewood]

Hello,

I am looking at using superlogin to provide authentication for a SPA and also a more typical server-side admin site, which is an Express-backed NodeJS site).

Is there a use case or a way you could suggest for me to use superlogin as a way for authenticating all requests to the Express app? How do I make sure the Authorization Bearer token comes through with each request to the Express app?

Apologies if I'm way off or missing something here!

[peteruithoven]

You can use the superlogin.requireAuth middleware for example. More on securing routes: https://github.com/colinskow/superlogin#securing-your-routes

This is all server side only, you'll need to use a superlogin client to make sure it's send, like superlogin-client. When doing other requests from your client you could then use superlogin.getHttp().

[micky2be]

Also take a look at the Quick Start you"ll see that superlogin is made to be used with Express without trouble. For more help you can also take a look at the demo.

[richardhomewood]

Thanks both. Though I'm wondering if there's a way of using superlogin for typical HTTP GET requests, eg:

1. GET request for an Express page
2. Express receives a cookie rather than the Authorization Bearer token
3. Express then authenticates this with superlogin

I'm pretty sure I'm missing something here (probably even the purpose of the library!) so apologies again if I'm completely off! Thanks

[peteruithoven]

I don't believe Superlogin supports cookies. But otherwise, with Authorization Bearer tokens it can do what you want.