I want to die.
I've made a back-end in express.js, passport.js and express sessions. Everything worked perfectly. I only used external authentication and stored profile id's. My next goal was to make the back-end a REST api and front-end as a React app. Fetching blogs on react from /blogs/get/:tag is working fine but those two apps are hosted under different subdomains. How can i save cookie or something on the main subdomain to login onto the api.example.com?
My English is bad because it's 00:26 AM for me
Did you try Set-Cookie - HTTP | MDN?
Normally you'd store your access token in localStorage, then when you make a request to the other API you send this token along with the request through an Authorization header and at that point we name the token a bearer token, see: https://tools.ietf.org/html/rfc6750 (also see point 2.1). At that point your API has to do something with the token to figure out if it's valid and what user it belongs to.
If you google along the lines of 'passport bearer token authentication' you'll probably run into some useful stuff.
Sorry, you need to Log In to post a reply to this thread.
