How to determine if user is logged in at the client-side?
YannisMarios opened this issue
Hello,
I am using the authorization code grant because I want to build a trusted client to manage my users' clients, tokens, etc. In my client I build the authorization URL and then I present a login form to the user. Upon successful login, if the client is trusted I do not show the authorization dialog. Then I make a request from the client to the token endpoint with the authorization code and I get the access and refresh tokens.
The flow goes like this:
- LocalStrategy
- Grant authorization code
- Client Password strategy
- Exchange authorization code for access token and refresh token
At the auth-server in my index.js I have:
```javascript
app.use(session({
  saveUninitialized : true,
  resave : true,
  secret : config.session.secret,
  store : rdbStore,
  key : 'authorization.sid',
  cookie : { maxAge: config.session.maxAge, secure: true }
}));
```
and all sessions are stored in RethinkDB.
Also the authorization.sid is in the cookie at the client side.
At the client after I receive the tokens the req object does not contain either req.session or req.user.
I want to be able to determine if user is logged in at the client-side.
I know it may sound silly because since I have the tokens I must have logged in.
I am new to this OAuth2 stuff and I would like to know what is the best way to determine if a user is logged in at the client side when using authorization code grant?
Thank you
Per the new issue template, this conversation should move to the discussion forum. Closing.
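The question above is about login state in the client application after the code-for-token exchange. As an added example (not code from this thread or from the project), the sketch below shows a client keeping its own server-side session, separate from the auth server's `authorization.sid` session, and deriving login state from it. The cookie name `client.sid`, the in-memory `Map` store and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const CLIENT_COOKIE = 'client.sid'; // assumed name, distinct from the auth server's 'authorization.sid'
const sessions = new Map();         // demo store only; a real client would use a persistent store

// Call once the token endpoint has answered. tokenResponse has the
// access_token / refresh_token / expires_in fields of RFC 6749 section 5.1.
function establishSession(tokenResponse, nowMs = Date.now()) {
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, {
    accessToken: tokenResponse.access_token,
    refreshToken: tokenResponse.refresh_token,
    expiresAt: nowMs + (tokenResponse.expires_in ?? 0) * 1000,
  });
  // Tokens stay on the client's server; the browser only gets an opaque id.
  const setCookie = `${CLIENT_COOKIE}=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/`;
  return { sid, setCookie };
}

// Extract one cookie value from a raw Cookie request header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// 'logged-in'     : session exists and the access token is still valid
// 'needs-refresh' : access token expired but a refresh token is held
// 'anonymous'     : no client session (the auth server's cookie does not count)
function loginState(cookieHeader, nowMs = Date.now()) {
  const sid = readCookie(cookieHeader, CLIENT_COOKIE);
  const s = sid && sessions.get(sid);
  if (!s) return 'anonymous';
  if (nowMs < s.expiresAt) return 'logged-in';
  return s.refreshToken ? 'needs-refresh' : 'anonymous';
}

// Logging out of the client drops its session; returns true if one existed.
function logout(cookieHeader) {
  return sessions.delete(readCookie(cookieHeader, CLIENT_COOKIE));
}
```

In an Express client the same idea maps to storing the token response in the client's own session middleware and checking it in a route guard.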