Hello! This is a very newbie question, but I'm just starting to learn now. When doing a login with social (my example: GitHub), I receive an access token from the service, then I register the user in my database with username and email, but what do I do with the token?
Should I store the token in the database, then send it to the client to store there too so they can log in?
Should I generate my own token and store it, then send it to the client?
Or would it be something else?
Just trying to understand this concept a bit; it seems so complex to me.
Thank you!
AZch
01/25/2021, 2:49 AM
Hello!
If you write using the REST methodology, then your backend should not store state, so you need to send the generated token back to the client. Then, as part of each request (where necessary), send it to the server, with the help of which you will receive the user data and either give him access or reject with an error, and also get his meta information, by which you can find him in your database.
Hope this helps
Mark
01/25/2021, 3:19 AM
Alright, thank you! Starting to understand now.
So, let's say the client which is logged in and has the token requests data: it would send the token back to the server, then the server would "ping" GitHub's API to, for example, get the username, then with the username it would get the data from the database. Is this correct?
AZch
01/25/2021, 3:26 AM
Yep, the server can already contact an external service to get any data.
Mark
01/25/2021, 4:05 AM
Thank you so much!
asad.awadia
01/25/2021, 8:44 PM
That token is for you to get the user's information from GitHub.
It should not be sent to the client.
You will create your own token or session that goes to the client.
Mark
02/06/2021, 2:12 AM
Alright, thank you! Once I create the token, do I store it somewhere on the server?
asad.awadia
02/06/2021, 2:13 AM
Depends on whether it is a stateful session token or a JWT-style stateless token.
If it is the classic session token, then yes.
If it is a JWT, then no, because the user is embedded in the token.
Mark
02/06/2021, 2:17 AM
Oooh okok, I've been trying to do JWT so far. Well, thank you, I really appreciate it!