JWT Authentication to iOS

Question

I was working on a cakephp project and I just finished it I did the rest to comunicate with the database from an iOS and it works fine I implemented JWT Authentication on my cake project and now I have no idea what I should do once i got the token. And i'm using objective C not Swift. thanks

Answer 1

Having implemented the JWT on CakePHP - assuming that you are using the plugin - I am assuming that you understand how JWT works and it sounds like you are able to handle the authentication part to obtain a JWT and are looking to use this token to access your REST API. Basically you would include this in the header in the same way that you would pass a cookie ( although technically it is possible to pass in the URL this is not advisable ). Once you have the token it is probably worth checking client side that it hasn't expired and also handle auth failure responses to return the user to login or some other appropriate response.

There is a JWT Objective C Library on GitHub that could get you started if you are looking to check the expiry time etc of the token. NB - The data within JWT tokens can be accessed without any security keys so the tokens are NOT encrypted but are rather signed.

As a first iteration you should be able to just pass the JWT through with POST request header and then once you have that working you could move to handling the expiry conditions pre post. If your POST receives an auth failure error then the token has expired and you could ask the user to supply them again.

If you are looking to just use JWT as a replacement for session cookies there is some debate against this although it is becoming more prevalent as people wish to align REST service access with common JWT and use the same approach for application session management. Personally I don't have a problem with this though some would argue strongly against this.

I also found This Blog Article useful to GROK the flow.