Store JWT token in cookie

庸人自扰 2021-02-01 09:54

This is my setup:

  • 1 authentication server which gives out JWT token on successful authentication.
  • Multiple API resource servers which give information (
2 answers
  •  心在旅途
    2021-02-01 10:15

    Are you generating your own JWTs?

    If yes, you should consider using a signing algorithm based on asymmetric encryption, like "RS256" or "RS512" -- this way you can verify the claims in your client application without sharing the private secret.

    Do you really need to pass the JWT into the Cookie?

    It might be safer to just put a random id in your Cookie, which references the JWT access token, and do the de-referencing magic on the server which serves your web-app.
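
The second suggestion in the answer above (a random id in the cookie, with the JWT kept on the server that serves the web app), as an added example that is not part of the original answer. The names `TokenStore` and `sid`, the 15-minute lifetime, and the in-memory dict standing in for a real session store are assumptions.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sid"   # assumed cookie name
SESSION_TTL = 900     # assumed lifetime in seconds; keep it within the JWT's own expiry


class TokenStore:
    """Server-side map from an opaque session id to the JWT issued by the auth server."""

    def __init__(self, now=time.time):
        self._now = now        # injectable clock, so expiry can be exercised
        self._sessions = {}    # sid -> (jwt, expires_at); stand-in for a shared store

    def open_session(self, jwt):
        """Keep the JWT server-side; return a Set-Cookie value carrying only a random id."""
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[sid] = (jwt, self._now() + SESSION_TTL)
        cookie = SimpleCookie()
        cookie[COOKIE_NAME] = sid
        for attr, value in (("httponly", True), ("secure", True),
                            ("samesite", "Strict"), ("path", "/"),
                            ("max-age", SESSION_TTL)):
            cookie[COOKIE_NAME][attr] = value
        return cookie[COOKIE_NAME].OutputString()

    def bearer_for(self, cookie_header):
        """De-reference the Cookie header to an Authorization value, or None."""
        jar = SimpleCookie()
        try:
            jar.load(cookie_header or "")
        except CookieError:
            return None                    # malformed header: treat as no session
        morsel = jar.get(COOKIE_NAME)
        entry = self._sessions.get(morsel.value) if morsel else None
        if entry is None:
            return None                    # missing, guessed or already revoked id
        jwt, expires_at = entry
        if self._now() >= expires_at:
            del self._sessions[morsel.value]   # expired: drop it server-side
            return None
        return "Bearer " + jwt             # header to send to the API resource servers


if __name__ == "__main__":
    store = TokenStore()
    header = store.open_session("header.payload.signature")  # constructed sample JWT
    print("Set-Cookie:", header)
    print("Authorization:", store.bearer_for(header.split(";")[0]))
```

The browser only ever holds the random id, so deleting the entry on the server revokes the session immediately, which a JWT stored directly in the cookie does not allow before its expiry.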
