Arthur Frankel - 1 month ago
AngularJS Question

Looking for more info with the loopback + passport strategy

I'm interested in creating an application using loopback and passport (and AngularJS).

I see this example app which I have up and running and I'm able to log in via Google. What I don't quite get is how this should work with an AngularJS app. Using the example app, everything is done on the server (auth). Once I'm logged in, how does this relate to the Access Token needed between the client (AngularJS) and the loopback server? I can see the user created with the access token from Google and other identity information but how does that "connect" with the access token required by the client (AngularJS)?

Answer

I'm mostly beginning with it as well but here is what I grasped so far:

3rd party provider <--- OAuth token ---> Loopback app <--- LB Token ---> Client

The OAuth token, used to interact with third party providers, is abstracted by passport and so far I never needed to interact with it.

Basically, once you are logged in using OAuth, a LB token must be generated and provided to the user so that the user can be further identified.

To do that, I implemented some custom code inside serializeUser. My custom user model is called Client:

app.serializeUser = function(userDataToSerialize, done) {
  // Create the Client (custom user model) from the data passport hands over
  app.models.Client.create({
    email: userDataToSerialize.email,
    password: userDataToSerialize.password
  },
  function(err, user) {
    if (err) return done(err);

    // Generate a token for the newly created user
    app.models.Client.generateVerificationToken(user, function(err, token) {
      if (err) return done(err);

      // Pass the user id and token to passport via done()
      done(null, {
        userId: user.id,
        accessToken: token
      });
    });
  });
};

I create a new client, then generate a token for that user. Calling done(null,..) with both the token and user id will let passport put this data into the session, and thus should be accessible client-side.

This way, the Angular app should be able to get the user id and access token, be properly identified by Loopback, then the Loopback app can make requests to third-party providers on behalf of the identified user.

Hope this helps
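
An added example of the "LB token" half of the flow in the answer above (not the answerer's code and not LoopBack's own). It swaps in `findOrCreate` and `user.createAccessToken(ttl, cb)`: in LoopBack's built-in User model, `createAccessToken` is the call that stores an AccessToken record, while `generateVerificationToken` produces the string used for email verification. The `issueLbToken` helper, the one-hour TTL and the in-memory `makeFakeClient` stand-in are assumptions so the snippet runs without LoopBack installed.

```javascript
// Added example. Assumes Client (the answer's custom model) extends LoopBack's User.
const TOKEN_TTL_SECONDS = 60 * 60; // assumption: 1-hour LB token lifetime

// Exchange passport-verified user data for a LoopBack access token.
function issueLbToken(Client, userData, done) {
  // findOrCreate avoids a duplicate-email failure on the second login.
  Client.findOrCreate(
    { where: { email: userData.email } },
    { email: userData.email, password: userData.password },
    function (err, user) {
      if (err) return done(err);
      // createAccessToken persists an AccessToken tied to this user.
      user.createAccessToken(TOKEN_TTL_SECONDS, function (err, token) {
        if (err) return done(err);
        // Only the LB token goes to the Angular client; the provider's
        // OAuth token is never included in this payload.
        done(null, { userId: token.userId, accessToken: token.id, ttl: token.ttl });
      });
    }
  );
}

// Constructed in-memory stand-in for the Client model (hypothetical, test only).
function makeFakeClient() {
  const users = [];
  let nextToken = 1;
  return {
    users,
    findOrCreate(filter, data, cb) {
      let user = users.find((u) => u.email === filter.where.email);
      const created = !user;
      if (created) {
        user = {
          id: users.length + 1,
          email: data.email,
          createAccessToken(ttl, tokenCb) {
            tokenCb(null, { id: 'constructed-token-' + nextToken++, ttl, userId: this.id });
          },
        };
        users.push(user);
      }
      cb(null, user, created);
    },
  };
}
```
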