php - How to add JWT to authorization header?

As described in the following slide, it is necessary that the client sends the JWT back to the server in an Authorization header with the next request.

(slide image not included)

But how can I define the Authorization Header and add the JWT to the server?

My current status is:

  1. User sends username and password to the server by a POST request.
  2. The server creates the JWT.
  3. The server sends the signed JWT back to the client and saves it in a cookie.

Now my questions:

  • In case of a Login:

    As I understand it, now it's necessary to send the JWT back to the server. The server verifies the token and sends it back to finish the login process.

    How can I add the JWT to the Authorization Header?

  • In case of running a process and receiving data from a calculation:

    Do I understand right, that the client has to send the JWT from the login to the server and a second JWT with the data; or can I send the data by POST request?


1 Answer

0 votes
by (71.8m points)

So, you are pretty much correct with JWT. All you need to do when sending data from client to server (after JWT creation) is to add it to the request header. Many folks will try to keep along the same path as OAuth and add a Bearer token similar to the Node snippet below:

var rp = require('request-promise');
// Build the request: the JWT goes in the Authorization header as a Bearer token.
var options = {
  method: 'GET',
  uri: 'https://www.example.com/api/sample',
  headers: {
    Authorization: 'Bearer <insert_your_JWT_here>'
  }
};
rp(options).then(function (res) {
  // handle the response body here
  console.log(res);
});

Granted, I know you mentioned PHP, but the workflows are the same; it's just that the syntax is different.

Now, to verify that this token is present, the server would need to verify() that the token is valid with the secret that was defined. In every request made by the client, for an authorized endpoint, you would need to send this token every time.

