JSON Web Token
Sergei R, 2017-03-16 21:59:42

How to properly organize JWT authorization?

Greetings, I'm interested in this question more theoretically than practically.
Let's assume a client is given; in this case it doesn't matter whether it's a browser, a mobile application or other software, and an API server.
1. Registration: everything is clear here, the client sends its data (email and password) and gets back the OK status and a token.
2. Authorization: the client sends the email and password, and gets back the OK status and the token.
3. Authentication for requests: perhaps the most interesting part.
So, when a token is sent with each request, the server must unpack it, contact the database, pack and send back the updated token, or am I not understanding something?
Thus, by sending it back, the token will extend its lifetime.
About the lifetime: the lifetime should be set by the server (API), but by what principle, on each request or something else?
About accessing the database on each request for authentication, isn't that excessive?
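The per-request check the question asks about, as an added example (not code from the original post): a minimal HS256 JWT issued with a server-chosen expiry, verified by signature and `exp` alone with no database lookup, and re-issued only when it is close to expiring (sliding lifetime). The secret, lifetime and renewal threshold are constructed values for the demo; it uses only the Python standard library.

```python
import base64, hashlib, hmac, json, time
from typing import Optional, Tuple

SECRET = b"constructed-demo-secret-change-me"  # server-side key (constructed)
LIFETIME = 3600      # token lifetime in seconds, chosen by the server
RENEW_BELOW = 600    # re-issue when fewer than this many seconds remain

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user_id: str, now: Optional[int] = None) -> str:
    """Sign a JWT (HS256) carrying the user id and a server-set expiry."""
    now = int(time.time()) if now is None else now
    compact = {"separators": (",", ":")}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = _b64url(json.dumps({"sub": user_id, "iat": now, "exp": now + LIFETIME}, **compact).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Stateless check: signature and expiry only, no database access.
    Returns the payload on success, None on any failure."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # never let the token pick the algorithm
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None  # tampered or forged
        payload = json.loads(_b64url_decode(p))
        if not isinstance(payload, dict) or not isinstance(payload.get("exp"), int):
            return None
        return payload if payload["exp"] > now else None  # expired
    except ValueError:  # bad split, bad base64, bad JSON
        return None

def handle_request(token: str, now: Optional[int] = None) -> Tuple[Optional[dict], Optional[str]]:
    """Per-request flow: (payload, new_token). new_token is set only when the
    server decides to extend the session; otherwise the old token stays valid."""
    now = int(time.time()) if now is None else now
    payload = verify_token(token, now)
    if payload is None:
        return None, None
    renew = payload["exp"] - now < RENEW_BELOW
    return payload, (issue_token(payload["sub"], now) if renew else None)
```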
