node.js – NodeJS – Authentication by token?


I'm following an example here about authentication in and it's working normally, but I would like to know if passing the token through the URL would really be the correct way or if there is any method that is better.


Yes, you can pass the token through the URL itself.

Note that in the example, JWT is used, which is a standard for passing tokens and session data between the client and the server, reducing the need for the server to maintain session data.

Care should be taken only under no circumstances to send sensitive information to the client, especially over an unsecured connection, as the JWT payload field can be retrieved in full.

Another option, in addition to sending the token along with the URL, is to use a cookie or a specific field in the HTTP header, but in all cases, there is no security gain for one over the other.

Scroll to Top