使用JWT，如何检查Authorization-Header？

i'm completely new to working with JWT and i'm struggling at a certain point:

with ajax requests i can set the authorization-header before the request...ok.

How do i use the JWT for "normal" requests? F.e. when reloading the page or simply following a link.

F.e. if a user isn't logged in, i want to redirect him to a landing-page.

On the server-side i have middleware that checks the JWT from the authorization-header and then either grants permission or redirects to the landing-page, but ofc currently i'm always getting the landing-page, because there's no authorization-header for non-ajax requests.

I'm storing the JWT in localstorage.

What am i missing?

Regards

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dos8244 2016-07-22 18:30
关注
You can store the JWT in a Cookie. This way they will be sent with every request (including "normal" ones). Here is a code snippet from one of my projects:

func loginHandler(w http.ResponseWriter, r *http.Request) { ... accessToken := newAccessToken(...) // returns a JWT with fields .Token and .Expires cookie := &http.Cookie{ Name: "access_token", Value: accessToken.Token, HttpOnly: true, Secure:true, Expires: time.Unix(accessToken.Expires, 0), Path: "/", } http.SetCookie(w, cookie) ... }

And to retreive the token:

func someHandler(w http.ResponseWriter, r *http.Request) { cookie, err := r.Cookie("access_token") if err != nil { // handle missing cookie } accessToken := cookie.Value ... }

Note that Cookies are vulnerable to CSRF Attacks.

Further reading: Where to Store your JWTs – Cookies vs HTML5 Web Storage
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(2条)

报告相同问题？

关注问题

使用JWT，如何检查Authorization-Header？
2016-07-22 12:44

回答 3 已采纳 You can store the JWT in a Cookie. This way they will be sent with every request (including "norma
如何允许任何用户使用Laravel JWT身份验证访问路由？ laravel php
2016-08-20 00:39

回答 1 已采纳 To solve this dilemma , I made my own middleware based on the JWTAuth GetUserFromToken middleware,
了解JWT和HTTP授权标头？（客户端：Angular，服务器：php） http php
2016-02-01 10:31

回答 1 已采纳 Thilo's comment is right. More so, in php you can create any response header you want by simply u
JWT快速入门与使用nimbus-jose-jwt
2021-12-01 21:55

JackSparrow414的博客 JWT相关的库nimbus-jose-jwt和jsonwebtoken的选择nimbus-jose-jwt使用JWSHMAC加密算法使用HMAC的场景生成使用HMAC加密算法的jwt解析HMAC加密算法的jwtRSA加密算法使用RSA的场景在线生成RSA公钥和私钥生成使用RSA加密...
Laravel jwt使用组外的中间件 php
2018-05-03 09:14

回答 1 已采纳 Oops, seems I forgot to remove the "cors" from my RouteServiceProvider.php protected function map
如何从授权标头中提取JWT http
2019-04-12 21:22

回答 1 已采纳 The most trivial way to achieve this is to use the strings.TrimPrefix function as follows: token
登录后如何自动添加JWT？
2017-07-13 16:02

回答 2 已采纳 When using JWT, the client typically have to specify the token itself. To make the token handling
Spring Oauth2-Authorization-Server jwt 认证
2022-05-04 10:37

重生之我是一名程序员的博客 Spring Oauth2-Authorization-Server jwt 认证机制基于 spring-security-oauth2-authorization-server 0.2.3 配置资源服务器配置 @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws ...
springboot使用shiro+jwt验证前端每次携带jwt发送请求都会进行重新登录一次并生成新的session java spring boot 其他前端
2022-01-20 17:11

回答 3 已采纳原因：前端axios访问没有携带shiro的jsession的cookie 导致shiro每次都会进行认证登录解决：开启axios携带cookie和后端开启跨域允许携带cookie就不会一直进行shi
jwtauth.Verifier失败
2017-07-19 16:28

回答 1 已采纳 The problem I am seeing , which I may be incorrect, you are creating tokenAuth for each user that
如何在Golang中获得JWT的响应
2018-07-08 00:48

回答 2 已采纳 net/http.Request has a Header field that you can directly edit, but this means you can't use the s
Shiro +JWT 自定义spring-boot-starter
2020-05-31 16:32

小时候的阳光的博客 JWT 是什么？ java web token 的简称为什么要 shiro + JWT ？现在微服务架构，前后端分离架构，综合 PC、 APP 、小程序、微信等，采用一个令牌作为登录用户身份的象征，不再用原来的浏览器Session作为登录凭证。 ...
使用PHP和Angular.js的JWT（JSON Web Token） javascript php
2014-10-02 19:15

回答 1 已采纳 The use of the Bearer keyword is recommended in the RFC6750 - section Authorization Request Header
nodejs-auth-jwt:使用JWT进行节点身份验证
2021-05-16 14:48

nodejs Express JWT 使用JWT登录应用程序示例运行项目： $ npm init $ npm install $ sudo npm install -g nodemon $ nodemon API路线： ...Header: authorization: Bearer 使用邮递员测试api。
oauth2 spring-authorization-server 分析
2022-01-19 16:38

tof21的博客 spring boot,spring security,oauth2,spring-authorization-server
没有解决我的问题, 去提问

悬赏问题

¥15 matlab有关常微分方程的问题求解决
¥15 perl MISA分析p3_in脚本出错
¥15 k8s部署jupyterlab，jupyterlab保存不了文件
¥15 ubuntu虚拟机打包apk错误
¥199 rust编程架构设计的方案有偿
¥15 回答4f系统的像差计算
¥15 java如何提取出pdf里的文字？
¥100 求三轴之间相互配合画圆以及直线的算法
¥100 c语言，请帮蒟蒻写一个题的范例作参考
¥15 名为“Product”的列已属于此 DataTable

使用JWT，如何检查Authorization-Header？

3条回答 默认 最新

悬赏问题

3条回答默认最新