Level 29
Json web token(JWT) is self contained. It does not need any storage.
1 like
Apr 29, 2016
8
Level 33
Where are JWT Tokens stored?
Hello,
Where are JWT tokens stored?
I've setup JWTAuth (https://github.com/tymondesigns/jwt-auth) but I was wondering where they are stored? The token is not stored in the database so how can my local token being verified?
Thankyou!
Level 13
The token is stored in the header.
Level 33
I'm a bit confused.
I've red this article:
Here they are telling:
On every request to a restricted resource, the client sends the access token in the query string or Authorization header. The server then validates the token and, if it’s valid, returns the secure resource to the client.
So the token is stored on the server and when someone makes a request the token is in the header, and will then being verified on the server?
Level 29
Yes, client needs to store it, on server storage is not required.
JWT have all the claims in itself and is signed by the server as well. On receipt, server checks for the signature and reads the claims. It does not match it against a stored value. That is the whole point of using JWT against access tokens.
Look at how a JWT is structured.
2 likes
Level 5
Maybe the debugger https://jwt.io/ helps you a bit more to understand how data is stored in JWT.
3 likes
Level 2
Something must be stored at server, though. Otherwise there wouldn't be a way to blacklist tokens.
Level 13
storage/framework/cache/data is the storage on a default laravel app
Level 5
no you are wrong, the beauty of jwt is that he is not need to store any data to server. jwt token consists of 3 blocks.
- headers. like expires, encrypt algorithm, etc
- data. like
user_id - encrypted signature
server has secret key, that signs the first two blocks and result hash compare with 3 block. if has true, it is means 2 block is correct and he can be trusted. in other words,
user_idin second block it is real user identificator
Please or to participate in this conversation.