I'm trying to use JWT tokens in my PHP project with the php-jwt library.
Right now I can log in with a smartphone app.
After successful registration, the app gets a JWT access_token via JWT::encode($token, $key);.
The client can send this token to the server, which checks it and e.g. changes database data.
I have several questions at once.
- How can I create correct values for JWT:
$key = "your_secret_key"; $iss = "http://any-site.org"; $aud = "http://any-site.com"; $iat = 1356999524; $nbf = 1357000000;
As I understand it:
$key - any combination of characters like salt.
$iss - address of the site that sends tokens (my server location)
$aud - same address
$iat - creation time (do I need to change it every time an access token is created?)
$nbf - token lifetime (what time should I use?)
- How can I create a refresh token?
access_token — the token we send with headers in every request.
refresh_token — the token we send with headers when the old token's lifetime expires.
Where should I store both tokens?
I guess that the access_token can be stored in the smartphone's memory and sent every time the server needs to check access. How can I save the user's authorization after each app launch?
Thank you for your advice!
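
The following is an added example, not part of the original post and not php-jwt's own code: it builds and checks an HS256 token with PHP built-ins so that the role of each claim asked about above is visible. The function names, the `sub` and `exp` claims, the 15-minute lifetime and the 30-second leeway are assumptions made for this illustration.

```php
<?php
// Added example: HS256 JWT using only PHP built-ins (hypothetical helper names).
function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    return (string) base64_decode(strtr($txt, '-_', '+/'));
}
// Issue an access token; the time claims are computed at issue time, never hard-coded.
function issue_access_token(string $key, string $iss, string $aud, string $sub, int $ttl = 900): string {
    $now = time();
    $claims = [
        'iss' => $iss,         // who issued the token
        'aud' => $aud,         // who the token is meant for
        'sub' => $sub,         // assumed claim: the user the token represents
        'iat' => $now,         // issued-at: fresh for every token
        'nbf' => $now,         // not-before: earliest moment the token is accepted
        'exp' => $now + $ttl,  // expiry: this claim carries the lifetime
    ];
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    $sig  = b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
    return "$head.$body.$sig";
}
// Return the claims if the token is authentic and currently valid, otherwise null.
function verify_access_token(string $jwt, string $key, string $iss, string $aud, int $leeway = 30): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? '') !== 'HS256') return null; // pin the algorithm
    $expected = b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) return null;                            // constant-time compare
    $c = json_decode(b64url_decode($body), true);
    if (!is_array($c)) return null;
    $now = time();
    if (($c['iss'] ?? null) !== $iss || ($c['aud'] ?? null) !== $aud) return null;
    if (($c['nbf'] ?? 0) > $now + $leeway) return null;   // not valid yet
    if (($c['exp'] ?? 0) <= $now - $leeway) return null;  // expired, or no exp at all
    return $c;
}
// Constructed demo values: a random 256-bit key and the addresses from the post.
$key = random_bytes(32);
$jwt = issue_access_token($key, 'http://any-site.org', 'http://any-site.com', 'user-42');
var_dump(is_array(verify_access_token($jwt, $key, 'http://any-site.org', 'http://any-site.com')));
var_dump(verify_access_token($jwt, random_bytes(32), 'http://any-site.org', 'http://any-site.com'));
var_dump(verify_access_token($jwt, $key, 'http://any-site.org', 'http://other.example'));
```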