Stateless JWT auth for Vuejs and Express App

Hi,

I’m using a Facebook-only login system. I’m using the following login flow.

  1. On clicking the login button, the client (Vuejs) redirects to a page rendered directly from the server.
  2. Server shows the Auth0 login page, gets the user and makes a JWT.
  3. Server redirects to the client page with the JWT as query params.

Issue that I am facing: As sending the token through query params is not very secure, I want to know if there is a way in which I could send (from the client) some kind of code or token to the server, get it validated by the server, and get a JWT in return in the response.

I could think of how to achieve this when I am using username and password, but with Auth0 Facebook login, I am not sure what I should be sending in the AJAX call to my server.

Any help would be highly appreciated.

There is a ready-to-use Auth0 flow for this, though. Your Vuejs application is a single page application and your Express app is an API.

Just send the access token Auth0 gives your SPA as an Authentication header to your Express app and validate it there using the library provided by Auth0.

If you don’t like storing the access token on the client side, you can also just make Auth0 send the callback to your Express app, store the session server side and do the authentication purely on the server side. So the SPA would always load and you wouldn’t have any idea if the user is authenticated until an API call is made. There isn’t a direct doc for that, I believe, but the technique is basically the same as if you were building a straight up regular server side application.

Here is a quickstart to get you going with that too:

https://auth0.com/docs/quickstart/webapp/nodejs
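
The bearer-token approach from the answer above, as an added example that is not part of the original thread and is not Auth0's library: it shows the checks an API has to make on a token sent in the HTTP `Authorization` header instead of in a query string. It assumes RS256-signed tokens; the key pair, `ISSUER`, `AUDIENCE` and the helper `signToken` are constructed for the example, and in a real deployment the public key would come from the identity provider.

```javascript
const { generateKeyPairSync, createSign, createVerify } = require('node:crypto');

// Constructed fixtures: a throwaway key pair stands in for the tenant's signing key,
// and ISSUER / AUDIENCE are placeholder values, not real endpoints.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://tenant.example.invalid/';
const AUDIENCE = 'https://api.example.invalid';
const b64url = (v) => Buffer.from(v).toString('base64url');

// Hypothetical helper: mints a sample token so the example runs offline.
function signToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(createSign('RSA-SHA256').update(input).sign(privateKey))}`;
}

// Returns the claims of a valid token; throws on any failed check.
function verifyBearer(authorization, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!m) throw new Error('malformed');
  const [, h, p, s] = m;
  // Pin the algorithm server-side instead of trusting the token's own header.
  if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'RS256') throw new Error('alg');
  const ok = createVerify('RSA-SHA256').update(`${h}.${p}`)
    .verify(publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('signature');
  // Claims are read only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  if (claims.iss !== ISSUER) throw new Error('issuer');
  if (![].concat(claims.aud || []).includes(AUDIENCE)) throw new Error('audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Express-style middleware: 401 unless the request carries a valid bearer token.
function requireAuth(req, res, next) {
  let claims;
  try {
    claims = verifyBearer(req.headers.authorization);
  } catch (err) {
    res.statusCode = 401;
    return res.end('Unauthorized');
  }
  req.auth = claims;
  next();
}
```

Because the token travels in a request header, it stays out of URLs, browser history and Referer headers, which is the exposure the question describes for query parameters.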