How to check JWT on each request

1

I am doing a login system in php and trying to authorize with JWT . I am not using any library, I made a class called Jwt that I pass the pars and it generates the Token and also passes the token and returns me an object with the information of the payload.

So far the logic of my system looks like this: Home In my code I have a / login route that sends the form data to / login / auth and inside / auth I make the query in BD and if it works out I generate token

My question is: Home How to check the token on each request? Can I save the token on a cookie ? In each check I will have to query the BD to check the token ?

If you have already done so in another language you can say, maybe it helps me in logic.

    
asked by anonymous 11.05.2018 / 18:23

1 answer

0

A Rest API should not contain state between requests, so saving token in a cookie for verification would not be optimal.

I do not know the language php well but here's a proposal: create a filter or middleware for all requests. All client requests send the token in the Authorization header, when this request gets into the filter you receive retrieve the payload information and generate a new validation token, test if the two are equivalent.

Note that this technique will only work in simple tokens, more complex tokens use, for example, an expiration time and in this case this technique would not work. The interesting thing is that I used some library that implemented this feature more fully.

    
06.10.2018 / 05:42