Questions about how JWT works?

M

Maxim Rezvanov2017-08-19 11:47:28

JSON Web Token

Maxim Rezvanov, 2017-08-19 11:47:28

Hello. For educational purposes, I want to create a todo list with authorization using flask and vuejs (Vue will communicate with Flask via API). Yesterday I learned what JWT is. I didn't quite understand how it works. As I understand it :
1) An unauthorized user is trying to access the page "site.com/todolist/%id%" . He fails to do this and the server transfers him to the page for authorization.
2) The user goes to the page "site.com/login" to log in in the form with a login and password.
3) The "site.com/auth" route checks its username and password.
4) If the username and password are valid, then we redirect to the "site.com/token" route to get this JWT.

My questions are:
1) Where is the JWT stored? (As I understand it, it can be stored in cookies, and then check these cookies on each route)
2) What information should be stored in JWT and what information CANNOT be stored in JWT?
3) How to remember the page "site.com/todolist/%id%" that the user wanted to go to using Flask and VueJS?
4) Does the server have to transfer the user to the "site.com/token" route to receive the token? Or the server itself can make this request?

I would appreciate any answers :)