How to use JWT correctly?

R

Roman2016-12-29 20:20:23

JSON Web Token

Roman, 2016-12-29 20:20:23

There is a web application, before the authorization system checked the login password and if everything is fine, then there was a redirect to the profile page, otherwise back to the authorization page. What if you decide to use jwt?
The following scheme appears: the client sends a login and password, receives a token in response, then, depending on the server's response, the client himself decides to go to the profile page or enter the data again?
I correctly imagine the logic of work?
Also interested in what to do in the case of normal authorization after the expiration of the token?
After all, it turns out to be ugly if the user walks around the site and at some point, when requesting a resource, he receives a thrashing, requiring authorization.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

reifter, 2017-01-05
@losaped

Approximate scheme of work:

Client enter username and password
Server generates jwt token
The server saves in cookies or sends a token to the client (depends on your project)
If the token was sent to the client, he saves it in sessionStorage or localStorage or somewhere else
The client accesses the server:
- if the token is in the cookie, the server pulls it out of the cookie and checks the validity.
- if the token is stored by the client, he must send this token with each request to the server
You can recreate the token, for this the client does not have to enter the login and password again.