What is the best way to do the authorization with JWT? [closed]

5

I asked this question earlier, but I do not think I was right. So I'm reshaping to try to be clearer.

  • I have several REST APIs, where I use HTTP Basic to avoid direct access.

  • The front end is in AngularJS, decoupled from all the REST APIs. This front end accesses all the APIs, sending the authentication (HTTP Basic) in the headers. It's working properly.

  • I'm developing another REST API, which is responsible for authenticating the company's users and generating tokens. I am using (io.jsonwebtoken), and I can generate the tokens with the necessary permissions for each user.

  • On the front end, I'm using (angular-jwt). I ran tests: logging in, storing the token in Local Storage, retrieving this token, picking up the information of the user who logged in, and logging out by removing the token. It all worked correctly.

The strategy I thought of adopting is as follows:

  • When the user successfully logs in, I will generate the token, store it in Local Storage and use the (jwtHelper.decodeToken) of angular-jwt to store this user's information ($rootScope.userUserAuthenticated), for example.

Is this the best practice for this situation?

I thought of it that way because I will not need to send the token in the requests to the other REST APIs.

    
asked by anonymous 04.10.2016 / 16:18

0 answers
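
What a decode-only helper such as the (jwtHelper.decodeToken) call mentioned in the question returns, next to the signature and expiry check an API receiving the token would perform. This is an added example, not code from the original post: it runs on Node.js, assumes HS256, and the function names, secret and claims are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// base64url without padding, as used by JWT
const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const hmac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();
const parseJson = (part) => JSON.parse(Buffer.from(part, 'base64').toString('utf8'));

// Issuer side (stand-in for the authentication API): sign the claims with HS256.
function signToken(claims, secret) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${b64url(hmac(signingInput, secret))}`;
}

// Stand-in for a decode-only helper: parses the payload and checks nothing else.
function decodeOnly(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return parseJson(parts[1]);
}

// Receiving API side: pin the algorithm, compare the signature in constant time, check expiry.
function verifyToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = parseJson(head);
    claims = parseJson(body);
  } catch { return null; }
  if (header.alg !== 'HS256') return null;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
  return claims;
}

// Constructed sample data: one issued token, and the same token with its payload edited in storage.
const SECRET = 'constructed-demo-secret';
const NOW = 1475597880;
const issued = signToken({ sub: 'alice', roles: ['user'], exp: NOW + 3600 }, SECRET);
const [h, , s] = issued.split('.');
const edited = `${h}.${b64url(JSON.stringify({ sub: 'alice', roles: ['admin'], exp: NOW + 3600 }))}.${s}`;

console.log('decodeOnly(edited).roles =', decodeOnly(edited).roles);
console.log('verifyToken(edited)      =', verifyToken(edited, SECRET, NOW));
console.log('verifyToken(issued)      =', verifyToken(issued, SECRET, NOW));
```

The decoded claims are suitable for driving what the UI displays; only the verified result carries the issuer's guarantee about the user's permissions.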