How to check JWT on each request

Asked

Viewed 490 times

1

I’m doing a login system on php and trying to authorize with JWT. I’m not using any library, I made a class called Jwt that I pass the vestments and Token and also step the token and returns me an object with payload information.

So far the logic of my system is so:
In my code I have a route /login who sends the form data to /login/auth and within the /auth I do the consultation on BD and if it works out I will token

My question is:
How to check the token on each request? I can save the token in a cookie? At each check I will have to consult the BD to verify the token?

If you’ve done it in another language you can say, maybe it’ll help me in logic.

php web-service api rest jwt

  • I will wait for the answer of someone more experienced, because in my system I do the token verification in BD

  • That was the first time I asked here, it usually takes someone to answer?

1 answer

0

A Rest API should not contain status between requests, so save the token in a cookie for verification would not be ideal.

I don’t really know the language php but here’s a proposal: create a filter or middleware for all requests. All customer requests send the token in the header Authorization, when this request enters the filter you receive recovers the payload information and generates a new validation token, test whether the two are equivalent.

It is worth noting that this technique will only work in simple tokens, more complex tokens use, for example, an expiration time and for this case this technique would not work. The interesting thing would be to use some library that implements this resource more completely.

Browser other questions tagged php web-service api rest jwt

You are not signed in. Login or sign up in order to post.