How does server return JWT token to the client?

This is my first encounter with a JWT token and I'd like to know how this token is returned to the client after it's first created.

Should it come in the Authorization: Bearer header?

Usually, it's the client that passes the token in on each request.
I'd like to know how the server passes this token to the client after the user has authenticated and the token gets created. Also in the same header? In a different header?

In my situation, the server will be generating the token not as a response but as part of the request.

For example:

A user will log in to a portal, then click on a link to an authorized application. The JWT containing user claims will be passed to the authorized application as part of the request.
What is the best approach here? GET or POST? Header (which)? Query string? POST body? Thank you!


Answer 1

There is no standard for how to return a JWT token to the client; however, check this URL, it answers your question:

https://github.com/dwyl/hapi-auth-jwt2/issues/82#issuecomment-129873082

Putting the JWT token in the Authorization header gives us flexibility to send an actual response in a web application. For a REST-only App/API you are free to send the JWT as the response body or a cookie. What matters is how the client stores the JWT and sends it back to the Server, which is done in the Authorization header (or Cookie or URL Token if you prefer).


Answer 2