Token store is a pluggable SDK module, that stores the user's session information.
The SDK ships with three token store implementations. They are:
Reads and stores the session information to HTTP cookie. This token store is used by default, if SDK is used in environment where cookie are available (i.e. browser).
The constructor takes the following options:
Key | Descriotion |
---|---|
clientId |
The clientId |
secure |
Boolean. When true , the cookie will be transferred only with HTTPS requests |
Please note: Some browsers, like Google Chrome, do not set cookies
when using file:///
protocol. In this case, you can use Memory
store.
This token store is meant to be used with Express.js server. Read and stores the session information to HTTP cookie.
The constructor takes the following options:
Key | Descriotion |
---|---|
clientId |
The clientId |
req |
Express.js request |
res |
Express.js response |
secure |
Boolean. When true , the cookie will be transferred only with HTTPS requests |
Example: Create new SDK instance with Express cookie store:
const express = require('express');
const cookieParser = require('cookie-parser');
const sharetribeSdk = require('sharetribe-flex-sdk');
const app = express();
// The token store expects that cookieParser middleware is in use
app.use(cookieParser());
app.get('/', (req, res) => {
// Initialize the SDK instance
const sdk = sharetribeSdk.createInstance({
clientId: "<your Client ID>",
baseUrl: "<your Base URL>",
tokenStore: sharetribeSdk.tokenStore.expressCookieStore({
clientId: "<your Client ID>",
req,
res,
secure: true // Set to true, if you are using HTTPS
}),
});
// Call the SDK to preload listings
sdk.listings.search({ ... }).then((listingsResult) => {
// do rendering etc.
});
});
Serious security note: Always create a new SDK instance per each request! Do not store and reuse the SDK instance or you may end up mixing user sessions.
❌ Example: DON'T DO THIS!
// DON'T DO THIS!
//
let sdk;
app.get('/', (req, res) => {
// Initialize the SDK instance
sdk = sharetribeSdk.createInstance({
clientId: "<your Client ID>",
baseUrl: "<your Base URL>",
tokenStore: sharetribeSdk.tokenStore.expressCookieStore({
clientId: "<your Client ID>",
req,
res,
secure: true // Set true, if you are using HTTPS
}),
});
// Call the SDK to preload listings
sdk.listings.search({ ... }).then((listingsResult) => {
// do rendering etc.
});
});
app.get('/something_else', (req, res) => {
// OOPS! The previous user session is used here!
sdk.listings.search({ ... }).then((listingsResult) => {
// do rendering etc.
});
});
Memory store stores the session information to application memory. The session information is lost when the page is refreshed.
This store is mainly used for testing and development.
In case you are testing locally from file:///
, you may need to use memory store, because some browsers (e.g. Google Chrome) do not save cookies when using file:///
making the default Browser cookie store unusable.