How to properly implement JWT in PHP?

P

PoodingRex2017-06-03 09:17:47

PHP

PoodingRex, 2017-06-03 09:17:47

All the best time of the day. Please explain how JWT works. How much I read, I just can not understand the whole picture. There are ready-made examples on github, but I don’t want to use them without understanding.
As I see it:
1) The user sends a login and password to the server
2) They are checked in the database, if they match - the server generates a token of the form HEADsdfsfddsf.PAYLOADsdfsfsfs.SIGNATUREsdfslqeqa
3) The token is stored in LocalStorage or other storage from the user + in the database
4) Each time when a request is made to the server, a token from LS is added to it
5) The server checks the token from the user and the database. If everything is good - gives the rights.
Do I understand correctly? Maybe somewhere there is detailed information about the principle of implementation in Russian? Preferably without binding to frameworks.
Thanks in advance for your reply.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexander Aksentiev, 2017-06-03
@Sanasol

The server checks the token from the user and the database.

no, the JWT salt is just in self-sufficiency, all the necessary information is stored there to identify the user + signature to check the validity.
The token is not stored in the database. The maximum secret key to generate the signature.
On the server, you only need to verify the signature, for this the server generates its own from its secret key or something like that. And if they match, then everything is ok.