Reputation: 1768
How to make token based authentication when someone open a page directly
There is a sensitive page in my website, so I want to authenticate visitors before they opening a link like: www.examples.com/builder.
I know if I use cookie based authentication everything will be simple, as the browser will send the credential message in cookies automatically. But in my situation, I have to use token based authentication. Browser don't send token if there is no pre-load script.
So my question is how to achieve token based authentication when someone open a sensitive page directly.
Upvotes: 0
Views: 54
Answers (1)
Reputation: 14189
As far as I can understand, you're looking for a way to avoid double roundtrips to send authentication headers to your web-service.
If I am correct, then this would only be possible via service worker which is a not widely supported feature. https://developers.google.com/web/fundamentals/primers/service-workers/
If, depending on your requirements, you can't go for service workers, then, the only left option is to use cookies.
I normally have a secondary authentication flow which uses cookies allowing a web service to authenticate a user on its first get request (the one made by the browser).
There are also some spa framework which implement routing resolvers but this will require a double roundtrip (1. load javascript, 2. send the token).
Upvotes: 2
Related Questions
- Passing authentication token to HTML pages
- Authorization token Bearer through javascript security
- Make the browser open links with authorization header
- How to pass token to verify user across html pages using node js
- How do you integrate HTML page with JWT Node JS Auth?
- How to handle the token before the page load?
- Token Based Authentication AngularJS
- REST API Authentication from Javascript in the browser
- Authorization on web page
- Automatic authentication using Javascript?