JSON Web Token
Roman, 2016-12-29 20:20:23

How to use JWT correctly?

There is a web application. Previously, the authorization system checked the login and password, and if everything was fine, there was a redirect to the profile page; otherwise, back to the authorization page. What if you decide to use JWT?
The following scheme appears: the client sends a login and password, receives a token in response, and then, depending on the server's response, the client itself decides whether to go to the profile page or enter the data again?
Do I understand the logic correctly?
I am also interested in what to do, in the case of normal authorization, after the token expires.
After all, it turns out ugly if the user is walking around the site and at some point, when requesting a resource, receives a rebuff requiring authorization.


1 answer(s)
reifter, 2017-01-05
@losaped

Approximate scheme of work:

  1. The client enters the username and password
  2. The server generates a JWT token
  3. The server saves the token in cookies or sends it to the client (depends on your project)
  4. If the token was sent to the client, the client saves it in sessionStorage or localStorage or somewhere else
  5. The client accesses the server:
    - if the token is in the cookie, the server pulls it out of the cookie and checks its validity.
    - if the token is stored by the client, the client must send this token with each request to the server
    You can recreate the token; for this, the client does not have to enter the login and password again.
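
The server side of the scheme in the answer above, as an added example that is not the answerer's code: issuing an HS256 token, checking it on each request, and reissuing it near expiry so the user is not sent back to the login form mid-session. The key, the lifetimes and the function names (`issue`, `verify`, `renew`) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: server-side HS256 key, constructed value
TTL = 900                         # assumption: token lifetime in seconds
RENEW_WINDOW = 300                # assumption: reissue only in the last 5 minutes

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str, now: int) -> str:
    """Step 2: build header.payload.signature once the password check has passed."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps({"sub": user, "iat": now, "exp": now + TTL}).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload)}"

def verify(token: str, now: int) -> dict:
    """Step 5: signature first, then algorithm and expiry; raises ValueError on failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    # Constant-time comparison against a signature computed with the server's key.
    if not hmac.compare_digest(sig.encode(), sign(header + "." + payload).encode()):
        raise ValueError("bad signature")
    # The server pins the algorithm; the token's own header does not choose it.
    if json.loads(b64d(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(b64d(payload))
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def renew(token: str, now: int) -> str:
    """Reissue a still-valid token close to expiry, without asking for the password."""
    claims = verify(token, now)
    if claims["exp"] - now > RENEW_WINDOW:
        return token  # not close to expiry yet; keep using the current token
    return issue(claims["sub"], now)
```

A token that has already expired is rejected by `renew` as well, so a client that stays idle past `exp` still has to log in again.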
