Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
U
U
unfapable2016-09-24 11:54:21
JSON Web Token
unfapable, 2016-09-24 11:54:21

How does CORS and JWT work in Laravel?

There was already a similar one here, but no detailed answer was given. And my question is a bit off topic.
What interests me is this: when a user logs in, he is given a token, and where is it then stored? I mean, when I re-enter the site, I no longer require authorization, but there is nothing in the cookies. And why is an OPTIONS request sent every time? As I understand it, it is needed to get a token, but where does it get it from, where is the token stored?
I'm making an API and want to enable external resources (from other domains) to access it. But I ran into the question, how, after authorization, to get a token? The Authorization header appears only after a request of the OPTIONS type, it is not clear how and where the token is stored, how it is determined, because it always remains the same, is it stored somewhere in the cache?
I would be very grateful if someone could help me. I read the documentation, but as I already wrote, it is not clear in the end how to get the token of an already authorized user.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Sergey, 2016-09-24
Protko @Fesor

What interests me is this: when a user logs in, he is given a token, and where is it then stored?

on the client somewhere. The server should not worry about this, it does not store it. Well, that is, you received a JWT token, which means you need to check the signature. The signature is valid - the token is valid.
not authorization but authentication. Well, perhaps the token is transmitted in the headers (usually, anyway).
This is already related to CORS and is called freflight request. Before each request, your browser asks the server "what can I do with this url?". Well, the server returns based on your host, etc.
Typically, options requests do not require authentication. Well, at least in the ishus tracker for jwt, someone 100% asked questions about how to make friends with lib and cors.

Similar questions
O
Orc2020-06-22 20:55:25
How to organize routing on the Flight microframework to process routes with a JWT token in the header? 0Reply
7
700Hp2021-09-22 08:56:23
Postman and creating admin accounts for third-party sites. How to protect yourself? 1Reply
M
mrrangerr2020-06-27 22:50:42
How to pass JWT token in request's get header? 0Reply
9
95506682020-07-09 01:16:21
How to do the Authentication process in Django? 1Reply
P
pagicor2021-11-04 16:09:09
Does the refresh token have to be a random string? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question