Comments (1)
commented on July 22, 2024
For the server, the tokens aren't stored anywhere. Checking to see if a provided token is valid is not accomplished by checking some store of previously created tokens, but rather:
- decrypting them using the private RSA key set up in the server config
- verifying that the token has not passed its expiration date
- verifying the user contained in the decrypted token exists
- verifying the user has not reset their password or had their permissions changed since the token was created
The above steps ensure that a token is valid and the appropriate permissions are given for the request associated with that token. One consideration is that this design does not allow for the revocation of tokens; if that is required then some kind of token store would need to be created.
If the question is where should the token be stored on the client side, the answer is wherever that is reasonably secure. For example in the browser you could store them in a secure cookie or local storage, or on an iOS app you could store them in the keychain.
from cerberus.
Related Issues (18)
- plugin problems HOT 2
- SQL
- Logout functionality HOT 1
- Can't able to find "server.contextPath=/api" in the project A demonstration of a completely stateless and RESTful token-based authorization system using JSON Web Tokens (JWT) and Spring Security. HOT 2
- http://localhost:8080/api/auth giving 401 HOT 6
- Can't able to find "server.contextPath=/api" in the project A demonstration of a completely stateless and RESTful token-based authorization system using JSON Web Tokens (JWT) and Spring Security. HOT 2
- The type io.jsonwebtoken.ExpiredJwtException cannot be resolved. It is indirectly referenced from required .class files HOT 1
- Compile error in line 109 of AuthenticationControllerTest.java
- How to add new user?
- How to change password? old token with new password HOT 1
- token - Expiration and creation should have the same format
- How to access the claims in the protected controller HOT 1
- How do I plug my own database in?
- Enable SSL
- The unit test AuthenticationControllerTest.requestingProtectedWithValidCredentialsReturnsExpected failed
- How to deal with token expiration? HOT 6
- CORS HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cerberus.