javascript - Where to save JWT and how to use it
I am trying to implement JWT in my authentication scheme, and I have some questions about JWT.
For saving the token, I could use a cookie; it is also possible to use localStorage or sessionStorage. Which would be the best choice?
I have read that JWT protects the site from CSRF. I cannot imagine how that works. Assuming I save the JWT token in cookie storage, how would it protect from CSRF?
Update 1
I saw some samples on the net like
curl -v -X POST -H "Authorization: Basic ve01ennfem9fzg9nrerjvejjbxrbcwjgdtbfytpyuu9urexinlbbohjvuhjfsktrthhustnsegnh"
How can I implement that when I create a request to the server from the browser? I also saw that some implement the token in the address bar, like:
http://exmple.com?jwt=token
If I create the request via AJAX, I can set a header like jwt:token and then read the token from the header.
Update 2
In Google Chrome I installed Advanced REST Client; look at the image.
As you can see, I can set the header data. Is it possible to set header info via JavaScript when making a request to the server?
Look at this web site: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
It is recommended not to store the JWT; if you want to store them, you should use localStorage if available. You should also use the Authorization header, but instead of the Basic scheme, use the Bearer one:
curl -v -X POST -H "Authorization: Bearer your_jwt_here"
With JS, you could use the following code:
<script type='text/javascript'>
// define vars
var url = 'https://...';

// ajax call
$.ajax({
    url: url,
    // 'json' rather than 'jsonp': JSONP loads through a <script> tag,
    // so request headers cannot be set on it
    dataType: 'json',
    beforeSend: function(xhr) {
        // set header if JWT is set
        // (window, not $window: $window is the AngularJS service and is undefined here)
        if (window.sessionStorage.token) {
            xhr.setRequestHeader("Authorization", "Bearer " + window.sessionStorage.token);
        }
    },
    error: function() {
        // error handler
    },
    success: function(data) {
        // success handler
    }
});
</script>
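An added example (not part of the original post) of sending the token the way the answer describes: script reads it from storage and places it in an Authorization: Bearer header, only for the API's own origin and never in the URL. Because the header is attached by script rather than automatically by the browser, as a cookie would be, a forged cross-site request does not carry it. `API_ORIGIN`, the `token` storage key, the helper names and the sample token are assumptions.

```javascript
// Added example, not from the original post. API_ORIGIN, the "token" storage
// key and the sample token are assumptions / constructed values.
const API_ORIGIN = 'https://api.example.com';

// Decode the JWT payload (base64url JSON). No signature check happens here;
// the server verifies the token. This only lets the client skip expired ones.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(atob(parts[1].replace(/-/g, '+').replace(/_/g, '/')));
  } catch (e) {
    return null;
  }
}

// Build fetch() arguments. The token travels in the Authorization header,
// never in the query string, and only to API_ORIGIN.
function buildRequest(url, storage, nowSeconds) {
  const target = new URL(url, API_ORIGIN);
  const headers = {};
  const token = storage.getItem('token');
  const payload = token ? decodePayload(token) : null;
  const fresh = !!payload && typeof payload.exp === 'number' && payload.exp > nowSeconds;
  if (target.origin === API_ORIGIN && fresh) {
    headers.Authorization = 'Bearer ' + token;
  }
  // credentials: 'omit' keeps cookies off the request, so the browser adds
  // nothing authenticating by itself.
  return { url: target.href, options: { method: 'POST', headers, credentials: 'omit' } };
}

// Constructed stand-in for window.sessionStorage so the example runs in Node.
function memoryStorage(initial) {
  const data = new Map(Object.entries(initial));
  return { getItem: (key) => (data.has(key) ? data.get(key) : null) };
}

// Constructed, unsigned sample token (header.payload.signature shape only).
function sampleJwt(exp) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'HS256', typ: 'JWT' }) + '.' + enc({ sub: 'user-1', exp }) + '.sig';
}

const demo = buildRequest('/orders', memoryStorage({ token: sampleJwt(2000) }), 1000);
console.log(demo.url, demo.options.headers);
```

In a browser, pass `window.sessionStorage` (or `localStorage`) as `storage` and hand the returned `url` and `options` to `fetch()`.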