dragon2025
2014-10-02 19:15
浏览 85

使用PHP和Angular.js的JWT(JSON Web Token)

I have an Angular.js application and I am trying to implement authentication to my PHP backend using a JWT.

I have the app setup to set the token on login and send the token with every request if it exits. I was following the information here, though it is for Node.js not PHP: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/.

The information there was extremely helpful, but I do not understand why the token should be in the Authorization header with the text 'Bearer ' before the token. Could I just put the token there without 'Bearer '? Is there a recommended method for where the token should go in the request?

My other issue is where to store the token on the front end. The website recommended using $window.sessionStorage which doesn't seem to work well for my case because it seems to prevent someone from using multiple tabs which isn't very intuitive.

My question really comes down to:

  • Where do I put the token in the request header?
  • How should I store the token on the front end?

图片转代码服务由CSDN问答提供 功能建议

我有一个Angular.js应用程序,我正在尝试使用JWT对我的PHP后端实现身份验证。

我有应用程序设置在登录时设置令牌,并在每次请求退出时发送令牌。 我在这里关注这些信息,虽然它适用于Node.js而不是PHP: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/

那里的信息非常有用,但我不明白为什么令牌应该在令牌之前的文本'Bearer'的Authorization标题中。 我可以在没有'Bearer'的情况下将令牌放在那里吗? 是否有推荐的方法来处理请求中的令牌?

我的另一个问题是将令牌存储在前端的位置。 该网站建议使用$ window.sessionStorage,这似乎不适合我的情况,因为它似乎阻止某人使用不太直观的多个标签。

我的问题真的 归结为:

  • 我在哪里将令牌放入请求标头?
  • 我应该如何在前端存储令牌? ?
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dp9599 2015-05-21 10:19
    已采纳

    The use of the Bearer keyword is recommended in the RFC6750 - section Authorization Request Header Field:

    Clients SHOULD make authenticated requests with a bearer token using the "Authorization" request header field with the "Bearer" HTTP authorization scheme. Resource servers MUST support this method

    The libraries I've been working with always require it before the token itself. So the request header should be as follows:

    Authorization: Bearer your_token

    Regarding the storage I have seen it in $window.sessionStorage too

    点赞 打赏 评论

相关推荐 更多相似问题