Reputation: 660
Storing json web token
I'm learning reactjs, redux and json web token. I'm new on all of them.
In my sample application user sends information from a login page. If the information is true jwt is created and it is set in the state and sent to the client side. It is set to the localStorage. When an other request is sent from client, token in the localStorage is sent to the server via redux action for verifying.
I read some samples and tutorials. Some of them have sent jwt in the HTTP header.
Do I have to sent it to the header ? Are localStorage and state enough ?
Upvotes: 3
Views: 1403
Answers (1)
Reputation: 27247
Do I have to sent it to the header?
You must send it to the server in a request somehow. Whether that is as a header or as part of the request's payload, it doesn't matter, however it is more convenient and almost certainly considered better practice to send it as part of the Authorization header. Using the Authorization header will allow you to avoid moving the JWT between a request's body and query parameters depending on its type (POST / GET etc.).
Are localStorage and state enough?
No. Storing the JWT locally on the client does not inform the server of the client's authenticated state. You must send the JWT to the server with each request that requires user authorisation.
Do some reading around JWT. There are plenty of links and libraries available to you online. Here is one to get you started.
Upvotes: 3
Related Questions
- JWT refresh token flow
- Invalidating JSON Web Tokens
- Where to store JWT in browser? How to protect against CSRF?
- Sending JWT token in the headers with Postman
- JWT vs cookies for token-based authentication
- JWT (JSON Web Token) automatic prolongation of expiration
- What's the difference between JWTs and a Bearer Token?
- What are the main differences between JWT and OAuth authentication?
- Attach Authorization header for all axios requests
- JSON Web Token (JWT) benefits over a database session token