3

I'm learning ReactJS, Redux and JSON Web Token. I'm new to all of them.

In my sample application, the user sends information from a login page. If the information is true, a JWT is created, set in the state and sent to the client side. It is set in localStorage. When another request is sent from the client, the token in localStorage is sent to the server via a Redux action for verification.

I read some samples and tutorials. Some of them send the JWT in the HTTP header.

Do I have to send it in the header? Are localStorage and state enough?

kbrk
  • I would not recommend storing it in local storage since it persists until explicitly deleted. Can lead to some weirdness and having to check for things that you wouldn't have to worry about otherwise if you were storing it in a cookie or session storage. – Brandon Jul 18 '16 at 14:41

1 Answer

3

Do I have to send it in the header?

You must send it to the server in a request somehow. Whether that is as a header or as part of the request's payload doesn't matter; however, it is more convenient and almost certainly considered better practice to send it as part of the Authorization header. Using the Authorization header will allow you to avoid moving the JWT between a request's body and query parameters depending on its type (POST / GET etc.).

Are localStorage and state enough?

No. Storing the JWT locally on the client does not inform the server of the client's authenticated state. You must send the JWT to the server with each request that requires user authorisation.

Do some reading around JWT. There are plenty of links and libraries available to you online. Here is one to get you started.

sdgluck
  • Hi, thank you for your answer. One more thing. I send the JWT in localStorage from an action in the client to the reducer in the server. Is this proper? – kbrk Apr 20 '16 at 08:35
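
An added example, not code from the question or the answer, of the approach the answer describes: the client attaches the stored JWT to the Authorization header in the same way for GET and POST, and the server reads it from that one place. The function names, the `jwt` storage key and the in-memory stand-in for localStorage are assumptions made for illustration.

```javascript
// In-memory stand-in for window.localStorage so the example runs outside a browser.
function createMemoryStorage() {
  const data = new Map();
  return {
    getItem: (key) => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
    removeItem: (key) => { data.delete(key); },
  };
}

const TOKEN_KEY = 'jwt'; // assumed storage key, not taken from the page

// Client side: build the options object for fetch(url, options).
// The token goes into the Authorization header whatever the HTTP method is,
// so it never has to move between the query string and the body.
function buildAuthorizedRequest(storage, method, body) {
  const headers = { Accept: 'application/json' };
  const token = storage.getItem(TOKEN_KEY);
  if (token) {
    headers.Authorization = `Bearer ${token}`;
  }
  const options = { method, headers };
  if (body !== undefined) {
    headers['Content-Type'] = 'application/json';
    options.body = JSON.stringify(body);
  }
  return options;
}

// Server side: pull the token out of the request headers.
// Returns null when the header is missing or malformed (respond with 401).
// This only checks the shape; the signature and expiry must still be
// verified with a JWT library before the request is trusted.
function extractBearerToken(headers) {
  // HTTP header names are case-insensitive.
  const name = Object.keys(headers).find((k) => k.toLowerCase() === 'authorization');
  if (!name) return null;
  // Compact JWT: three non-empty base64url segments separated by dots.
  const jwtShape = /^Bearer +([\w-]+\.[\w-]+\.[\w-]+)$/i;
  const match = jwtShape.exec(String(headers[name]).trim());
  return match ? match[1] : null;
}
```

Keeping the token out of query parameters also keeps it out of URLs, which tend to end up in server logs and browser history.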