What is the best way to implement authorization on the front end?
Hello! There is an API in Python.
A person sends their login and password, and the API returns a JWT token with a "survivability" of 2 weeks. This token is then used to access the other API methods.
PU works on this API. Please tell me how best to implement authorization in PU. If I understand correctly, then there are only cookies. Login/password input form -> receive a token -> write the token and other data to cookies. But this is a very wrong approach, right?
PU runs on JS, without PHP or anything else on the server side.
I apologize if the question is banal. Banal, but it causes wild fears. Maybe there are some third-party services this can be handed off to? I'm a wild lamer at this, sorry.
Your task is to transfer the token to the server. This can be done through the use of cookies, but it is not done that way, because cookies are stuck, cookies are not universal and are tied to a specific browser (cookies cannot be used by applications), and there are a bunch of other problems, especially related to scaling.
You can also send the token along with each request in the body of the request itself (example: https://address.ru/request?token=token),
but then the token will be stored in the browser history, and this can also lead to some security problems (for example, if you follow a link and a person on another service sees the user's token along with the link of the source of the transition, this will be a giant fail).
In general, the most appropriate way is to pass the token in each request in a header (that is, pass additional parameters of the request, bypassing the address bar).
Read more about HTTP headers, for example at https://www.tutorialspoint.com/http/http_header_fi...
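The header approach from the answer above, as an added example that is not part of the original thread: a small JS client that logs in, then sends the token in an `Authorization: Bearer` header on every call and never in the URL. The `/login` path, the `{ token }` response shape, and the names `createApiClient` and `fetchImpl` are assumptions made for illustration.

```javascript
// Added example. Assumed (not from the thread): POST /login returns { token },
// and the token is a JWT carrying a numeric `exp` claim (seconds since epoch).

// Decode the payload WITHOUT verifying it, only to read `exp` client-side.
// The server remains the only party that verifies the signature.
function jwtPayload(token) {
  const part = token.split(".")[1] || "";
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
}

function isExpired(token, nowMs = Date.now()) {
  try {
    const { exp } = jwtPayload(token);
    return typeof exp !== "number" || exp * 1000 <= nowMs;
  } catch {
    return true; // malformed token: treat as expired
  }
}

// fetchImpl is injectable so the client can be exercised without a network.
function createApiClient(baseUrl, fetchImpl = fetch) {
  let token = null; // held in memory for this example; lost on page reload
  return {
    async login(login, password) {
      const res = await fetchImpl(baseUrl + "/login", {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify({ login, password }), // credentials in the body, not the URL
      });
      if (!res.ok) throw new Error("login failed: " + res.status);
      token = (await res.json()).token;
    },
    async request(path, options = {}) {
      if (!token || isExpired(token)) {
        token = null;
        throw new Error("not authenticated");
      }
      // The token travels in a header, so it never reaches history or Referer.
      const headers = { ...options.headers, Authorization: "Bearer " + token };
      const res = await fetchImpl(baseUrl + path, { ...options, headers });
      if (res.status === 401) token = null; // server rejected it: force re-login
      return res;
    },
    isLoggedIn: () => token !== null && !isExpired(token),
  };
}
```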