The_elevator

Reputation: 91

How to proceed with the JWT token on client side, after middleware

I want to authenticate my routes with JWT and I have some questions. I have a Flask backend server and I am using the flask-jwt-extended library. When I log in to my app I produce a JWT token this way:

from flask import jsonify
from flask_jwt_extended import create_access_token, set_access_cookies

app.config["JWT_COOKIE_SECURE"] = False  # This is False on localhost
app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
app.config['JWT_CSRF_IN_COOKIES'] = True
..........
access_token = create_access_token(identity=token)
response_data = jsonify({
    'success': True,
    'message': 'You have successfully logged in',
})
# Sets access_token_cookie (HttpOnly) and csrf_access_token (readable) on the response
set_access_cookies(response_data, access_token)
return response_data

I send the token to the middleware in the above way, as an HTTP-only cookie.

My middleware is on Express.js and I manipulate the JWT token there. I access the token and the CSRF like this:

const jwt = require('jsonwebtoken')  // assumed: jwt.verify() comes from the jsonwebtoken package

const setCookieHeader = response.headers['set-cookie']
const access_token_cookie = setCookieHeader[0]
.......
const csrf_access_token = setCookieHeader[1]

// The entry is "access_token_cookie=<jwt>; HttpOnly; ..." so the JWT has to be cut out first
const token = access_token_cookie.split(';')[0].split('=')[1]
// config.jwtSecret must be the same JWT_SECRET_KEY Flask signed the token with
const decoded_jwt = jwt.verify(token, config.jwtSecret)

And I save the CSRF to a cookie. My question is, what am I supposed to do? Do I decode the JWT inside the middleware like I do now, and how does the client get it to send it with the other requests I want to make? Also, I see that some people send only the csrf_access_token and authenticate with this alone, without the JWT?? I don't know if this is valid too.

The code I am using in my middleware for requests is like this:

const axios = require('axios')

const axiosInstance = axios.create({
  withCredentials: true,
})
axiosInstance.post(`${clientUrls.cloudapi}/get_my_route`,
  {},
  {
    headers: {
      'Content-Type': 'application/json',
      // 'Authorization': `Bearer ${req.get('Authorization').split('bearer ')[1]}`,
      // Authorization: `Bearer ${req.cookies['csrf']}`
      'X-CSRF-TOKEN': req.cookies['csrf'],
    },
  }).then((response) => {
    // handle the response here
  }).catch((error) => {
    console.error(error.response ? error.response.status : error)
  })

In my backend, to authenticate the JWT, I am doing this:

from flask_jwt_extended import jwt_required, get_jwt_identity

@app.route("/get_my_route", methods=["POST"])
@jwt_required()
def _getRoute():
    current_user = get_jwt_identity()
    ........

With the above implementation I get 401 Unauthorized.

So my basic question is how to manage the JWT on the client side (I am writing ReactJS), so as to send it through to the server to validate the request.

Upvotes: 1

Views: 107

Answers (0)
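An added example, not the asker's code nor flask-jwt-extended's own: it parses the Set-Cookie headers the login endpoint returns and builds the headers a server-side proxy must attach when it calls a @jwt_required() route, which is the pairing (cookie plus X-CSRF-TOKEN header) the double-submit check needs. The Set-Cookie sample is constructed with placeholder values; cookie and header names are the flask-jwt-extended defaults.

```javascript
// Added example, not the asker's code: turn the Set-Cookie headers returned by the Flask
// login endpoint into what a later request to a @jwt_required() route must carry. In
// cookie mode flask-jwt-extended checks two things on state-changing requests: the HttpOnly
// access_token_cookie must come back as a Cookie, and the value of the (readable)
// csrf_access_token cookie must be repeated in the X-CSRF-TOKEN header (double submit).
// Sending only the X-CSRF-TOKEN header, without the cookie, fails with 401.

// Parse a Set-Cookie array into { name: { value, httpOnly } } by name rather than by
// position, since setCookieHeader[0] / [1] depends on the order the server emitted them.
function parseSetCookies(setCookieHeader) {
  const jar = {};
  for (const line of setCookieHeader || []) {
    const [pair, ...attrs] = line.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) continue; // malformed entry, skip it
    jar[pair.slice(0, eq)] = {
      value: pair.slice(eq + 1),
      httpOnly: attrs.some((a) => a.toLowerCase() === 'httponly'),
    };
  }
  return jar;
}

// Headers a server-side proxy (the Express middleware) must attach when it calls the
// Flask route itself; withCredentials only helps a browser, Node keeps no cookie jar.
// Cookie and header names are the flask-jwt-extended defaults.
function buildAuthHeaders(jar, accessCookie = 'access_token_cookie', csrfCookie = 'csrf_access_token') {
  const access = jar[accessCookie];
  const csrf = jar[csrfCookie];
  if (!access) throw new Error(`missing ${accessCookie}: the JWT is not being forwarded`);
  if (!csrf) throw new Error(`missing ${csrfCookie}: no value for the double-submit check`);
  return {
    'Content-Type': 'application/json',
    Cookie: `${accessCookie}=${access.value}; ${csrfCookie}=${csrf.value}`,
    'X-CSRF-TOKEN': csrf.value, // must equal the csrf_access_token cookie value
  };
}

// Constructed sample of what set_access_cookies() sends on login (placeholder values,
// deliberately in the "wrong" order to show that parsing by name is what matters).
const SAMPLE_SET_COOKIE = [
  'csrf_access_token=0f1e2d3c-csrf-placeholder; Path=/; SameSite=Lax',
  'access_token_cookie=eyJhbGciOiJIUzI1NiJ9.PAYLOAD-PLACEHOLDER.sig; HttpOnly; Path=/; SameSite=Lax',
];

// Stand-alone run: build the headers from the sample and show them.
console.log(buildAuthHeaders(parseSetCookies(SAMPLE_SET_COOKIE)));
```

In a browser the access_token_cookie is attached automatically with withCredentials and only the X-CSRF-TOKEN header has to be set by hand; the Cookie header above is what a Node-side caller has to supply itself.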
