I'm following a few examples here about authenticity in and it's working fine, but I'd like to know if passing the token by the URL would be the correct form or if you have some method that works best.
I'm following a few examples here about authenticity in and it's working fine, but I'd like to know if passing the token by the URL would be the correct form or if you have some method that works best.
Yes, you can pass the token by the same URL.
Note that in the example, JWT is used, which is a standard to traffic tokens and session data between the client and server, reducing the server's need to maintain session data.
Care should be taken in no circumstances to send sensitive information to the client, especially over an unsecured connection, since the payload
field of JWT can be fully recovered.
Another option, besides sending the token next to the URL, is to use a cookie or a specific field of the HTTP header, but in all cases, there is no security gain from one to the other.
You can set the token in the url, the best thing to do to not fill the address field is to use the request header, this part you will configure in the front end, use angularjs, angular.io (angular 2). .. front end frameworks always have something about Json WebToken authentication.
For the angularjs I use the satellizer: link