JWT (JSON Web Token) with PHP and Angular.js

Question

I have an Angular.js application and I am trying to implement authentication to my PHP backend using a JWT.

I have the app setup to set the token on login and send the token with every request if it exits. I was following the information here, though it is for Node.js not PHP: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/ .

The information there was extremely helpful, but I do not understand why the token should be in the Authorization header with the text 'Bearer ' before the token. Could I just put the token there without 'Bearer '? Is there a recommended method for where the token should go in the request?

My other issue is where to store the token on the front end. The website recommended using $window.sessionStorage which doesn't seem to work well for my case because it seems to prevent someone from using multiple tabs which isn't very intuitive.

My question really comes down to:

• Where do I put the token in the request header?
• How should I store the token on the front end?

Answer 1

The use of the Bearer keyword is recommended in the RFC6750 - section Authorization Request Header Field :

Clients SHOULD make authenticated requests with a bearer token using the "Authorization" request header field with the "Bearer" HTTP authorization scheme. Resource servers MUST support this method

The libraries I've been working with always require it before the token itself. So the request header should be as follows:

Authorization: Bearer your_token

Regarding the storage I have seen it in $window.sessionStorage too