How to refresh JWT token after expired ( Angular 1.5 + Laravel 5.2)

问题

What is the best and most secured way of using JWT token based authentication with Angular front-end and Laravel back-end (RESTful api)?

It is similar to this: http://johnsonsu.com/jwt-tokens-issues-in-angularjs-satellizer/

Thanks in advance.

回答1:

For JWT authentication between angularjs and Laravel you can use Satellizer. For backend i.e Laravel implementation you can find sample code here You can use satellizer for social login or just for normal login.

You have to install jwt-auth for laravel backend JWT support. You can refer some blogs to getting started

回答2:

Your question was "how to refresh JWT Authentication after it Expired", I was also been studying on JWT authentication this past few weeks and on how could i refresh the JWT access token upon expiration using Angularjs and Phalconphp, there are already available libraries i could use but i prefered to understand it by doing it base on the methods i have researched, so i used angular-jwt and firebase/php-jwt, here is what i have come up so far:

Upon login the client is given an access token and a refresh token
The access token should expire before the refresh token
Once access tokens are expired, new access token are obtained from the refresh tokens (creating an API entry to verify refresh token then provide new access tokens)
Refresh tokens are checked for revocation (requires database of issued refresh tokens or i use Redis to store user refresh tokens).

Regading "best and most secured way of using JWT token based authentication", some suggested me not to use Authorization headers instead use cookies as well as enable SSL.

Credits to: https://stormpath.com/blog/jwt-authentication-angularjs

I hope this helps.