JWT (JSON Web Token) with PHP and Angular.js


I have an Angular.js application and I am trying to implement authentication to my PHP backend using a JWT.

I have the app set up to set the token on login and send the token with every request if it exists. I was following the information here, though it is for Node.js not PHP: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/.

The information there was extremely helpful, but I do not understand why the token should be in the Authorization header with the text 'Bearer ' before the token. Could I just put the token there without 'Bearer '? Is there a recommended method for where the token should go in the request?

My other issue is where to store the token on the front end. The website recommended using $window.sessionStorage which doesn't seem to work well for my case because it seems to prevent someone from using multiple tabs which isn't very intuitive.

My question really comes down to:

  • Where do I put the token in the request header?
  • How should I store the token on the front end?

douluan5444: The documentation for JWTforPHP is terrible. (more than 5 years ago)

1 answer




The use of the Bearer keyword is recommended in the RFC6750 - section Authorization Request Header Field:

Clients SHOULD make authenticated requests with a bearer token using the "Authorization" request header field with the "Bearer" HTTP authorization scheme. Resource servers MUST support this method

The libraries I've been working with always require it before the token itself. So the request header should be as follows:

Authorization: Bearer your_token

Regarding the storage I have seen it in $window.sessionStorage too
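
An added example, not part of the original question or answer: the header format described in the answer, with a client-side request hook shaped like an AngularJS `$http` interceptor and a strict check a backend can apply to the received value (written in JavaScript here; the same pattern applies in PHP). The names `makeBearerInterceptor`, `parseBearer` and `getToken` are hypothetical, and the sample token is constructed.

```javascript
// b64token syntax from RFC 6750 section 2.1:
//   1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
// The scheme name is matched case-insensitively, followed by 1+ spaces.
var BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

// Client side: an object shaped like an AngularJS $http request interceptor.
// getToken is an assumed callback returning the stored JWT, or null.
function makeBearerInterceptor(getToken) {
  return {
    request: function (config) {
      var token = getToken();
      config.headers = config.headers || {};
      if (token) {
        // Scheme first, one space, then the token.
        config.headers.Authorization = 'Bearer ' + token;
      }
      return config;
    }
  };
}

// Server-side check (illustrative): return the token only when the header
// value is exactly "Bearer <b64token>"; anything else yields null so the
// caller can answer 401 instead of passing odd input to the JWT verifier.
function parseBearer(headerValue) {
  if (typeof headerValue !== 'string') return null;
  var m = BEARER_RE.exec(headerValue.trim());
  return m ? m[1] : null;
}

// Constructed sample: JWT-shaped string, not a validly signed token.
var SAMPLE = 'eyJhbGciOiJIUzI1NiJ9.e30.c2lnbmF0dXJl';
var cfg = makeBearerInterceptor(function () { return SAMPLE; })
  .request({ url: '/api/me' });
console.log(cfg.headers.Authorization);
console.log(parseBearer(cfg.headers.Authorization) === SAMPLE);
console.log(parseBearer(SAMPLE)); // null: token sent without the scheme
```

`parseBearer` only extracts the token; the signature and claims still have to be verified by the JWT library on the backend.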
