I'm building an application which integrates a 3rd party SSO (IVAO) to authenticate users. My stack is React frontend and NestJS backend. This is the user flow:
User signs in with IVAO SSO
The user details are stored in my database
Backend emits a JWT to authenticate against protected endpoints
However I'm not 100% sure how to approach the authentication flow, code-wise. I have a few proposals in mind:
Proposal 1
Frontend redirects to IVAO SSO
IVAO SSO redirects to a /callback endpoint in backend which stores user data + creates JWT
NestJS redirects to frontend with JWT stored in a header
Frontend stores JWT
Proposal 2
Frontend redirects to IVAO SSO
IVAO SSO redirects to a /callback route in frontend which makes a POST request to an API endpoint including the JWT provided from IVAO
Backend stores user data + creates and returns JWT to frontend
Frontend stores JWT
Proposal 3
Frontend calls a protected route behind guard in NestJS backend which triggers IVAO SSO
IVAO SSO redirects to a /callback endpoint in backend which stores user data + creates JWT
NestJS redirects to frontend with JWT stored in a header
Frontend stores JWT
I'm creating a new JWT because I want to add more data in it that doesn't come from IVAO.
Which of the 3 proposals is the best? Would you change anything from any of these? Is there any other?
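The backend step that all three proposals share is the one the question leaves open: after the SSO callback has been validated, the backend mints its own JWT carrying extra application data, and later checks that JWT on protected endpoints. The following is an added example, not code from the question or from IVAO, written with Node's built-in crypto module so it runs without NestJS or a JWT library. It assumes an HS256 token signed with a backend-held secret, placeholder issuer/audience values, and an `SsoProfile` shape whose field names are invented for the example (IVAO's real profile schema is not on this page). It also includes the random `state` value and its comparison that the callback should enforce so that a callback can only complete a login the application itself started.

```typescript
// Added example (not from the original post): minimal HS256 JWT issuer/verifier
// for the backend side of the flow, plus callback state handling.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Profile the backend receives from the SSO provider after a validated callback.
// Field names are assumptions for this example, not IVAO's real schema.
interface SsoProfile {
  id: string;
  firstName: string;
  lastName: string;
}

// Claims the application adds on top of what the SSO provider supplies.
interface AppClaims {
  roles: string[];
}

interface AppJwtPayload extends AppClaims {
  sub: string;   // subject: the SSO user id
  name: string;
  iss: string;
  aud: string;
  iat: number;   // issued-at, seconds since epoch
  exp: number;   // expiry, seconds since epoch
}

const ISSUER = "https://api.example.test"; // placeholder, not a real deployment
const AUDIENCE = "example-spa";            // placeholder audience for the frontend

function base64url(input: string): string {
  return Buffer.from(input).toString("base64url");
}

function sign(signingInput: string, secret: string): string {
  return createHmac("sha256", secret).update(signingInput).digest("base64url");
}

// Mint the application's own JWT once the SSO callback has been validated.
function mintAppJwt(
  profile: SsoProfile,
  claims: AppClaims,
  secret: string,
  nowSeconds: number = Math.floor(Date.now() / 1000),
  ttlSeconds: number = 3600,
): string {
  const header = { alg: "HS256", typ: "JWT" };
  const payload: AppJwtPayload = {
    sub: profile.id,
    name: `${profile.firstName} ${profile.lastName}`,
    iss: ISSUER,
    aud: AUDIENCE,
    iat: nowSeconds,
    exp: nowSeconds + ttlSeconds,
    roles: claims.roles,
  };
  const signingInput = `${base64url(JSON.stringify(header))}.${base64url(JSON.stringify(payload))}`;
  return `${signingInput}.${sign(signingInput, secret)}`;
}

// Verify a token presented to a protected endpoint; returns the payload or null.
function verifyAppJwt(
  token: string,
  secret: string,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): AppJwtPayload | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header: { alg?: string };
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // Pin the algorithm server-side; never trust the alg the token itself claims.
  if (header.alg !== "HS256") return null;
  const expected = Buffer.from(sign(`${h}.${p}`, secret));
  const actual = Buffer.from(s);
  if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) return null;
  let payload: AppJwtPayload;
  try {
    payload = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (payload.iss !== ISSUER || payload.aud !== AUDIENCE) return null;
  if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) return null;
  return payload;
}

// Unguessable `state` for the SSO redirect; the backend keeps it (for example in a
// short-lived cookie) and rejects callbacks whose state does not match.
function newState(): string {
  return randomBytes(32).toString("base64url");
}

function stateMatches(stored: string, received: string): boolean {
  const a = Buffer.from(stored);
  const b = Buffer.from(received);
  return a.length === b.length && timingSafeEqual(a, b);
}
```

`verifyAppJwt` is what a NestJS guard would call before letting a request through: it checks the signature with a constant-time comparison, refuses any algorithm other than the one the backend issues, and rejects tokens with the wrong issuer or audience or an expiry in the past. `mintAppJwt` is where the "more data that doesn't come from IVAO" (here, `roles`) is added.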
