使用JWT，如何检查Authorization-Header？

i'm completely new to working with JWT and i'm struggling at a certain point:

with ajax requests i can set the authorization-header before the request...ok.

How do i use the JWT for "normal" requests? F.e. when reloading the page or simply following a link.

F.e. if a user isn't logged in, i want to redirect him to a landing-page.

On the server-side i have middleware that checks the JWT from the authorization-header and then either grants permission or redirects to the landing-page, but ofc currently i'm always getting the landing-page, because there's no authorization-header for non-ajax requests.

I'm storing the JWT in localstorage.

What am i missing?

Regards

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dos8244 2016-07-22 18:30
关注
You can store the JWT in a Cookie. This way they will be sent with every request (including "normal" ones). Here is a code snippet from one of my projects:

func loginHandler(w http.ResponseWriter, r *http.Request) { ... accessToken := newAccessToken(...) // returns a JWT with fields .Token and .Expires cookie := &http.Cookie{ Name: "access_token", Value: accessToken.Token, HttpOnly: true, Secure:true, Expires: time.Unix(accessToken.Expires, 0), Path: "/", } http.SetCookie(w, cookie) ... }

And to retreive the token:

func someHandler(w http.ResponseWriter, r *http.Request) { cookie, err := r.Cookie("access_token") if err != nil { // handle missing cookie } accessToken := cookie.Value ... }

Note that Cookies are vulnerable to CSRF Attacks.

Further reading: Where to Store your JWTs – Cookies vs HTML5 Web Storage
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(2条)

报告相同问题？

关注问题

使用JWT，如何检查Authorization-Header？
2016-07-22 12:44

回答 3 已采纳 You can store the JWT in a Cookie. This way they will be sent with every request (including "norma
如何允许任何用户使用Laravel JWT身份验证访问路由？ laravel php
2016-08-20 00:39

回答 1 已采纳 To solve this dilemma , I made my own middleware based on the JWTAuth GetUserFromToken middleware,
了解JWT和HTTP授权标头？（客户端：Angular，服务器：php） http php
2016-02-01 10:31

回答 1 已采纳 Thilo's comment is right. More so, in php you can create any response header you want by simply u
JWT快速入门与使用nimbus-jose-jwt
2021-12-01 21:55

JackSparrow414的博客 JWT相关的库nimbus-jose-jwt和jsonwebtoken的选择nimbus-jose-jwt使用JWSHMAC加密算法使用HMAC的场景生成使用HMAC加密算法的jwt解析HMAC加密算法的jwtRSA加密算法使用RSA的场景在线生成RSA公钥和私钥生成使用RSA加密...
Laravel jwt使用组外的中间件 php
2018-05-03 09:14

回答 1 已采纳 Oops, seems I forgot to remove the "cors" from my RouteServiceProvider.php protected function map
如何从授权标头中提取JWT http
2019-04-12 21:22

回答 1 已采纳 The most trivial way to achieve this is to use the strings.TrimPrefix function as follows: token
登录后如何自动添加JWT？
2017-07-13 16:02

回答 2 已采纳 When using JWT, the client typically have to specify the token itself. To make the token handling
Spring Oauth2-Authorization-Server jwt 认证
2022-05-04 10:37

重生之我是一名程序员的博客 Spring Oauth2-Authorization-Server jwt 认证机制基于 spring-security-oauth2-authorization-server 0.2.3 配置资源服务器配置 @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws ...
springboot使用shiro+jwt验证前端每次携带jwt发送请求都会进行重新登录一次并生成新的session java spring boot 其他前端
2022-01-20 17:11

回答 3 已采纳原因：前端axios访问没有携带shiro的jsession的cookie 导致shiro每次都会进行认证登录解决：开启axios携带cookie和后端开启跨域允许携带cookie就不会一直进行shi
jwtauth.Verifier失败
2017-07-19 16:28

回答 1 已采纳 The problem I am seeing , which I may be incorrect, you are creating tokenAuth for each user that
如何在Golang中获得JWT的响应
2018-07-08 00:48

回答 2 已采纳 net/http.Request has a Header field that you can directly edit, but this means you can't use the s
Shiro +JWT 自定义spring-boot-starter
2020-05-31 16:32

小时候的阳光的博客 JWT 是什么？ java web token 的简称为什么要 shiro + JWT ？现在微服务架构，前后端分离架构，综合 PC、 APP 、小程序、微信等，采用一个令牌作为登录用户身份的象征，不再用原来的浏览器Session作为登录凭证。 ...
使用PHP和Angular.js的JWT（JSON Web Token） javascript php
2014-10-02 19:15

回答 1 已采纳 The use of the Bearer keyword is recommended in the RFC6750 - section Authorization Request Header
nodejs-auth-jwt:使用JWT进行节点身份验证
2021-05-16 14:48

nodejs Express JWT 使用JWT登录应用程序示例运行项目： $ npm init $ npm install $ sudo npm install -g nodemon $ nodemon API路线： ...Header: authorization: Bearer 使用邮递员测试api。
oauth2 spring-authorization-server 分析
2022-01-19 16:38

tof21的博客 spring boot,spring security,oauth2,spring-authorization-server
没有解决我的问题, 去提问

悬赏问题

¥15 安卓adb backup备份应用数据失败
¥15 eclipse运行项目时遇到的问题
¥15 关于#c##的问题：最近需要用CAT工具Trados进行一些开发
¥15 南大pa1 小游戏没有界面，并且报了如下错误，尝试过换显卡驱动，但是好像不行
¥15 没有证书，nginx怎么反向代理到只能接受https的公网网站
¥50 成都蓉城足球俱乐部小程序抢票
¥15 yolov7训练自己的数据集
¥15 esp8266与51单片机连接问题(标签-单片机|关键词-串口)（相关搜索：51单片机|单片机|测试代码）
¥15 电力市场出清matlab yalmip kkt 双层优化问题
¥30 ros小车路径规划实现不了，如何解决？(操作系统-ubuntu)

使用JWT，如何检查Authorization-Header？

3条回答 默认 最新

悬赏问题

3条回答默认最新