Tags: node.js, reactjs, api, express, oauth-2.0

What is the best practice working with OAuth, express and React.js


I don't quite understand the workflow of third-party authentication. I am trying to create an SPA application with a back end on Express and a front end on React. The application should handle webhooks from the GitHub API.

I've managed to authenticate the user on my back end, but how do I send the access_token to the front end? (So I can do AJAX on the front end.) GitHub allows sending AJAX requests with a bearer token. Example: curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/user

Do I send the JWT token to the front end via a query string instead? But then what do I do?


Solution

  • You can add an endpoint to your web back end such as GET /token. However, this would need to be protected via an authentication cookie that your web back end issues.

    If you are building an SPA then an alternative option (which I prefer) is to be entirely cookieless. This is done via the following steps:

    • Implement authentication via the oidc-client library
    • After login the browser will receive an access token and can send it to GitHub
    • Use Express only to serve static web content

    If interested in this approach, have a look at these resources of mine: