Reputation: 1201
I'm working on creating the user authentication service and using the passport-jwt-strategy for authentication, but I'm stuck on the point of storing the generated 'JWT token' in the user schema. Is it necessary to store the JWT token in the user model?
Upvotes: 1
Views: 408
Reputation: 6811
JWT is stateless and does not need to be stored on the server side. However, the spec denotes a property jti which is the ID of the token. This one might be worth storing to, say, blacklist the one specific token later.
Upvotes: 1
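The jti denylist mentioned in the answer above, as an added example that is not part of the original thread: the server keeps only the IDs of revoked tokens (with their expiry, so entries can be pruned), never the tokens themselves. It uses Node's built-in crypto instead of passport-jwt so it runs stand-alone; `SECRET`, the function names and the in-memory `Map` (a stand-in for a shared store) are assumptions.

```javascript
// Added example (hypothetical names): HS256 verification plus a jti denylist.
const { createHmac, timingSafeEqual, randomUUID } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: real keys come from a secret store
const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => createHmac('sha256', SECRET).update(data).digest();

// Issue a token carrying a unique jti and an exp claim (seconds since epoch).
function issue(sub, ttlSec, now = Math.floor(Date.now() / 1000)) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub, jti: randomUUID(), exp: now + ttlSec }));
  return `${head}.${body}.${mac(`${head}.${body}`).toString('base64url')}`;
}

// Denylist: jti -> exp. Only revoked IDs are stored on the server.
const revoked = new Map();
function revoke(claims) { revoked.set(claims.jti, claims.exp); }

// Expired tokens are rejected anyway, so their denylist entries can be dropped.
function prune(now = Math.floor(Date.now() / 1000)) {
  for (const [jti, exp] of revoked) if (exp <= now) revoked.delete(jti);
}

// Returns the claims, or throws with the reason the token was rejected.
function verify(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed');
  const [head, body, sig] = parts;
  // Check the signature before parsing anything the client controls.
  const given = Buffer.from(sig, 'base64url');
  const expected = mac(`${head}.${body}`);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Pin the algorithm instead of trusting whatever the header announces.
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') throw new Error('bad alg');
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (revoked.has(claims.jti)) throw new Error('revoked');
  return claims;
}
```

With several server instances the denylist has to live in a store they all read, otherwise a revoked token is still accepted by the instances that never saw the revocation.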
Reputation: 769
It is not necessary to store the JWT token. On the server side you just need to verify the JWT token and verify the auth and roles of the JWT token; the JWT token should be stored on the client side only. JWT provides sessionless authorization to the user. For more, visit the JWT official site.
Upvotes: 1
Reputation: 751
JWTs are created to be stored on the client side. The only thing the server should need is a secret key with which to verify the token signature, to make sure it has not been tampered with. If you need to be able to invalidate a session, then maybe another form of validation should be used.
Upvotes: 1