Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
U
U
unfapable2016-09-24 11:54:21
JSON Web Token
unfapable, 2016-09-24 11:54:21

How does CORS and JWT work in Laravel?

There was already a similar one here, but no detailed answer was given. And my question is a bit off topic.
What interests me is this: when a user logs in, he is given a token, and where is it then stored? I mean, when I re-enter the site, I no longer require authorization, but there is nothing in the cookies. And why is an OPTIONS request sent every time? As I understand it, it is needed to get a token, but where does it get it from, where is the token stored?
I'm making an API and want to enable external resources (from other domains) to access it. But I ran into the question, how, after authorization, to get a token? The Authorization header appears only after a request of the OPTIONS type, it is not clear how and where the token is stored, how it is determined, because it always remains the same, is it stored somewhere in the cache?
I would be very grateful if someone could help me. I read the documentation, but as I already wrote, it is not clear in the end how to get the token of an already authorized user.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Sergey, 2016-09-24
Protko @Fesor

What interests me is this: when a user logs in, he is given a token, and where is it then stored?

on the client somewhere. The server should not worry about this, it does not store it. Well, that is, you received a JWT token, which means you need to check the signature. The signature is valid - the token is valid.
not authorization but authentication. Well, perhaps the token is transmitted in the headers (usually, anyway).
This is already related to CORS and is called freflight request. Before each request, your browser asks the server "what can I do with this url?". Well, the server returns based on your host, etc.
Typically, options requests do not require authentication. Well, at least in the ishus tracker for jwt, someone 100% asked questions about how to make friends with lib and cors.

Similar questions
J
jeruthadam2019-08-08 20:25:19
How to make a general authorization for a grid of sites? 2Reply
S
Shane Matte2017-04-02 16:05:18
How does jwt generate a token on the server? 1Reply
I
ivandao2019-09-27 15:56:03
Does it make sense to use cookies in new projects, or is it enough to replace everything with JWT? 2Reply
M
motomac2015-05-27 13:41:58
How to organize REST API with OAuth 2.0 and JWT for mobile applications? 1Reply
A
animr2019-10-22 13:34:04
Why doesn't the jwt class see the file in the same folder? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question