Can you explain for the dumb, where is the authorization token stored for http-headers that are returned to the client from the server?
2 Answers
0
You can check the same in the browser's network tab under "Response Headers" (provided you have set the response header from your server end):

utkarsh-k
0
It depends on the application.
The authorization endpoint usually responds with the tokens in a response body (JSON).
The frontend application parses that body and stores tokens in LocalStorage or CookieStorage. For single page apps, tokens can be stored in the app's memory (variables).
Access tokens are being read by the frontend app from that storage, and they're being put into Headers of WebServices API calls.

Malipek
- That is, the site should have a script that will receive the token and save it, and every time a new page is launched, it will send the token to the server as an http-header? – Trismer Jan 18 '22 at 17:05
- Yes. If the API accepts the token in a cookie and the domain matches, header manipulation is not even necessary, as the browser can automatically attach cookies to API calls (be aware of CORS) and some kind of anti-CSRF protection in such a situation. https://stackoverflow.com/questions/51586458/how-to-pass-header-jwt-token-with-axios-react – Malipek Jan 18 '22 at 19:14
- Some admin panels store the token in "Session Storage". So, after the user follows the link leading to some page protected by authorization, the script is loaded first, which sends it to the http-header jwt-token, which is sent to the server, and only after a positive result is the desired page displayed? – Trismer Feb 07 '22 at 16:10
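
The flow described in the answer above (parse the JSON body, keep the token in the app's memory, put it into the headers of API calls), as an added example that is not part of the original answer or comments. The names `createTokenClient`, `acceptAuthResponse`, `headersFor` and the origin `https://api.example.test` are hypothetical, the `access_token` / `expires_in` fields assume an OAuth 2.0 style response body, and the same-origin and expiry checks are an added precaution so the token is only attached to calls to the API it was issued for.

```javascript
// Added illustration: in-memory token holder for a single-page app.
// Nothing is written to localStorage, sessionStorage or cookies, so the
// token disappears on reload and is reachable only through this closure.
function createTokenClient(apiOrigin, now = () => Date.now()) {
  let token = null;   // access token string
  let expiresAt = 0;  // epoch milliseconds after which the token is not sent

  return {
    // Parse the JSON body returned by the authorization endpoint.
    // Assumed shape: { access_token, token_type, expires_in (seconds) }.
    acceptAuthResponse(bodyText) {
      const body = JSON.parse(bodyText);
      const lifetime = Number(body.expires_in);
      if (typeof body.access_token !== "string" || body.access_token === "") {
        throw new Error("auth response has no access_token");
      }
      if (!Number.isFinite(lifetime) || lifetime <= 0) {
        throw new Error("auth response has no usable expires_in");
      }
      token = body.access_token;
      expiresAt = now() + lifetime * 1000;
    },

    // Build the headers for one API call. Relative URLs resolve against
    // apiOrigin; any other origin, or an expired token, gets no header.
    headersFor(url) {
      const headers = { Accept: "application/json" };
      const sameOrigin = new URL(url, apiOrigin).origin === apiOrigin;
      if (sameOrigin && token !== null && now() < expiresAt) {
        headers.Authorization = `Bearer ${token}`;
      }
      return headers;
    },

    // Drop the token, for example on logout.
    clear() {
      token = null;
      expiresAt = 0;
    },
  };
}

// Constructed sample body, not taken from a real service.
const SAMPLE_AUTH_BODY = JSON.stringify({
  access_token: "constructed-sample-token",
  token_type: "Bearer",
  expires_in: 300,
});
```

In a browser the returned object would be passed as the `headers` option of `fetch` (or to an axios request); swapping the closure variable for `sessionStorage` or `localStorage` gives the persistent variants mentioned in the answer, at the cost of making the token readable by any script running on the page.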