How to correctly transfer JWT from the server to the client during authorization?
Good day to all! I have the following question. I do authorization for the application as follows:
the user fills out the form (email and password), the submit button sends the data to the server using XHR, the server receives the data, and the passport.authenticate('local', {...}) function fires. When a valid email and password are entered, the function generates a JWT, which I pass to ctx.body so that when the 'load' event is triggered, the XHR function runs a callback in which I intercept the JWT from the server and save it to localStorage, so that later, when I go to the '/chat' page, I can pass my JWT to the socketIo-jwt module. The problem is that if I call the ctx.redirect('/chat') method in the passport.authenticate() function after passing the JWT, then in the XHR function on the client I receive not a token but the chat.pug page.
Tell me what I'm doing wrong, or how I can organize the code so that I can send a token to the client and automatically redirect to the next page?
// server
login: async function (ctx, next) {
    console.log('мы в функцию логин заходим?');
    console.log(ctx.request.body);
    await passport.authenticate('local', {session: false}, async function (err, user) {
        if (!user) {
            console.log(`не видим юзера`);
            ctx.redirect('/login');
        } else {
            console.log(`видим юзера`);
            const token = await user.createJWT(user.email, user._id, config.get('JWTSecret'));
            ctx.status = 200;
            ctx.body = {userName: user.displayName, token: token}; /* if I only set ctx.body, the client receives the token */
            ctx.redirect('/chat'); /* if I keep the ctx.redirect() call, the chat.pug page itself is sent to the client */
        }
    })(ctx, next);
}
// client
function logIn () {
    const candidate = {
        email: document.getElementById('inputEmail').value.trim(),
        password: document.getElementById('inputPassword').value.trim()
    };
    let xhr = new XMLHttpRequest();
    xhr.open('post', '/login', true);
    xhr.setRequestHeader("Content-Type", "application/json");
    xhr.addEventListener('load', () => {
        const dataFromServer = JSON.parse(xhr.response);
        localStorage.setItem('token', dataFromServer.token);
        alert(`welcome ${dataFromServer.userName}`);
    });
    xhr.send(JSON.stringify(candidate));
}
You need to do the redirect on the client side: if a token has arrived, then do location = "/chat".
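The client-side redirect suggested in the answer, as an added example that is not part of the original thread. It assumes the server handler returns only the JSON body and no longer calls ctx.redirect('/chat'); the names finishLogin and looksLikeJwt and the injected storage/navigate parameters are hypothetical. The response is checked before anything is stored, so an HTML page delivered by a followed redirect is never saved as a token.

```javascript
// Added example; finishLogin, looksLikeJwt and the injected storage/navigate
// parameters are hypothetical names, not taken from the thread.

// A signed compact JWT is three non-empty base64url segments joined by dots.
function looksLikeJwt(value) {
  return typeof value === 'string' &&
    /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(value);
}

// Decide what to do with the /login response. Returns {ok, ...}.
function finishLogin(status, contentType, bodyText, storage, navigate) {
  // XHR follows a 302 transparently, so a server-side redirect arrives here
  // as 200 text/html (the chat page) instead of the JSON with the token.
  if (status !== 200 || !/^application\/json\b/i.test(contentType || '')) {
    return { ok: false, reason: 'unexpected response' };
  }
  let data;
  try {
    data = JSON.parse(bodyText);
  } catch (e) {
    return { ok: false, reason: 'invalid JSON' };
  }
  if (!data || !looksLikeJwt(data.token)) {
    return { ok: false, reason: 'no token' };
  }
  storage.setItem('token', data.token);
  navigate('/chat'); // client-side redirect, only after the token is stored
  return { ok: true, userName: data.userName };
}

// Browser wiring: same request as in the question, handled by finishLogin.
function logIn(email, password) {
  const xhr = new XMLHttpRequest();
  xhr.open('post', '/login', true);
  xhr.setRequestHeader('Content-Type', 'application/json');
  xhr.addEventListener('load', () => {
    const result = finishLogin(xhr.status, xhr.getResponseHeader('Content-Type'),
      xhr.responseText, localStorage, (url) => { window.location.href = url; });
    if (!result.ok) console.error('login failed:', result.reason);
  });
  xhr.send(JSON.stringify({ email, password }));
}
```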