How to provide frontend with JSON web token after server authentication?

南旧 2021-02-04 04:57

So far I have only dealt with server-rendered apps, where after a user logs in via username/password or using an OAuth provider (Facebook etc.), the server just sets a session c

4 answers
  •  太阳男子
    2021-02-04 05:43

    I recently ran across this same issue, and, not finding a solution here or elsewhere, wrote this blog post with my in-depth thoughts.

    TL;DR: I came up with 3 possible approaches to send the JWT to the client after OAuth logins/redirects:

    1. Save the JWT in a cookie, then extract it on the front-end or server in a future step (e.g. extract it on the client with JS, or send a request to the server, server uses the cookie to get the JWT, returns the JWT).
    2. Send the JWT back as part of the query string (which you suggest in your question).
    3. Send back a server-rendered HTML page with a
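
The server-side exchange variant of approach 1 from the answer above, as an added example that is not part of the original answer or its blog post: the OAuth callback parks the JWT in a short-lived HttpOnly cookie, and a token endpoint hands it to the SPA once. The cookie name, the routes `/auth/callback` and `/auth/token`, and the request-object shape are assumptions; verifying the JWT signature is out of scope here.

```javascript
// Added example: approach 1, server-exchange variant. All names are hypothetical.
const COOKIE = "jwt_handoff";   // hypothetical cookie name
const MAX_AGE_S = 60;           // short-lived: only has to survive the redirect
// Constructed sample token; the third segment is not a real signature.
const SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl";

// Parse a Cookie request header into a name -> value map, skipping bad pairs.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i <= 0) continue;
    try { out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim()); }
    catch (e) { /* malformed percent-encoding: ignore this pair */ }
  }
  return out;
}

// Set-Cookie value for the handoff. HttpOnly keeps page scripts from reading it,
// Path limits it to the exchange endpoint, and SameSite=Lax still lets it be
// stored on the top-level redirect back from the OAuth provider.
function handoffCookie(value, maxAge) {
  return `${COOKIE}=${encodeURIComponent(value)}; Max-Age=${maxAge}; Path=/auth/token; ` +
         "HttpOnly; Secure; SameSite=Lax";
}

// Minimal router over request-like objects { method, path, cookie, jwt }.
// req.jwt stands in for the token the server minted after the OAuth login.
function handle(req) {
  if (req.method === "GET" && req.path === "/auth/callback") {
    // Step 1: park the JWT in the cookie and redirect to the SPA,
    // so the token never appears in a URL.
    const headers = { "Location": "/", "Set-Cookie": handoffCookie(req.jwt, MAX_AGE_S) };
    return { status: 302, headers };
  }
  if (req.method === "POST" && req.path === "/auth/token") {
    // Step 2: the SPA asks for its token; the browser attaches the cookie.
    const jwt = parseCookies(req.cookie)[COOKIE];
    if (!jwt || jwt.split(".").length !== 3) {
      return { status: 401, headers: {}, body: { error: "no pending login" } };
    }
    // Return the JWT and tell the browser to drop the cookie after this exchange.
    const headers = { "Set-Cookie": handoffCookie("", 0), "Cache-Control": "no-store" };
    return { status: 200, headers, body: { token: jwt } };
  }
  return { status: 404, headers: {}, body: { error: "not found" } };
}
```

The SPA calls `POST /auth/token` once on load and keeps the returned token in memory; a 401 means there is no pending login and the normal login flow applies.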