This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
With [{$pagename}], when the user successfully logs in using their [credentials], a [JSON Web Token] is returned from the [Authentication Method] and must be saved locally (typically in [localStorage], but [cookies] can also be used), instead of the traditional approach of creating a session on the server and returning an [Authentication cookie].
Whenever the user wants to access a protected route or resource, the [user-agent] should send the [JSON Web Token], typically in the [Authorization Header] using the Bearer scheme. A non-normative example is shown below:
%%prettify
{{{
Authorization: Bearer <token>
}}} /%
[{$pagename}] allows a stateless [authentication Method], as the user __state is never saved in server memory__. The server's [protected Resources] check for a valid [JSON Web Token] in the [Authorization Header], and if one is present, the user is allowed to access the [protected Resource]. As [JSON Web Tokens] are self-contained, all the necessary information is in the token, reducing the need to query the database multiple times.
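The check a protected resource performs on each request can be sketched as follows. This is an added example, not code from this page or from any particular product; it assumes HS256 tokens signed with a shared secret, and the names {{make_token}}, {{authenticate}} and the demo key are hypothetical.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key, alg="HS256"):
    """Issue a constructed demo token (stands in for the login response)."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url_encode(mac(signing_input, key))}"

def authenticate(headers, key, now=None):
    """Return the claims when the request carries a valid Bearer token, else None."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return None
    head, body, sig = token.split(".")
    try:
        header = json.loads(b64url_decode(head))
        # Pin the algorithm server-side; a token must not choose its own check.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        # Verify the signature before trusting anything in the payload.
        if not hmac.compare_digest(b64url_decode(sig), mac(f"{head}.{body}", key)):
            return None
        claims = json.loads(b64url_decode(body))
    except ValueError:
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    # Stateless: there is no session to consult, so expiry is enforced here.
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims

if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # assumption: shared HMAC secret, constructed
    token = make_token({"sub": "alice", "exp": 2000}, KEY)
    print(authenticate({"Authorization": f"Bearer {token}"}, KEY, now=1000))
    print(authenticate({"Authorization": f"Bearer {token}"}, KEY, now=3000))
```

No database lookup occurs anywhere in {{authenticate}}: the signature and the {{exp}} claim are the only things standing between a presented token and the protected resource.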
[{$pagename}] also allows you to rely fully on [data] [APIs] that are stateless, and even to make requests to downstream services. Since it does not matter which [Security Domain] is serving your APIs, [Cross Origin Resource Sharing] ([CORS]) will not be an issue, as it is when using [Authentication cookies].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]