JWT Authentication Flow in a Front-End Application?
I have a simple CRUD Java Spring-boot REST API to MongoDB to save/retrieve information about a user's Poker stats. This API is currently not protected by JWT.
The API looks like this:
GET - /users/{userId}/games : gets all games relating to a user
GET - /users/{userId}/games/{roundId} : get a specific game relating to a user
POST - /users/{userId}/games/ : create a game
DELETE - /users/{userId}/games/{roundId} : Delete a game
PATCH - /users/{userId}/games/{roundId} : edit a game
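I am adding a front end to the web application, and I am learning JavaScript but have not yet started learning a specific framework.
Before I start developing the front end of the application, I would like to verify whether the Authorisation/Authentication flow below is correct/valid?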
1. User presses login button on client (e.g express/angular app) - this hits the /login endpoint
2. Auth0 redirects client to /authorise endpoint and displays login page for User
3. Auth0 verifies username and password against DB to check if a valid user
4. If login is successful: Auth0 redirects back to a specific page on the client with a JWT Token
5. Client Application stores the JWT to use in future requests
6. This JWT can then be used to make REST API calls to Java REST API
Yes, that's pretty much it. A few more things to think about:
I would consider a client-side framework that has all of this baked in.
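As an added example (not from the original post or the asker's API): a sketch of the check the REST API would make in step 6, verifying the token and requiring its `sub` claim to match the `{userId}` in the path. It is written in JavaScript with Node's built-in `crypto`; the HS256 algorithm, the shared secret, the `sub`-equals-`userId` convention and all function names are assumptions, and the sample tokens are constructed.

```javascript
const crypto = require('node:crypto');

// Constructed demo secret (assumption); a real deployment gets key material from its identity provider.
const DEMO_SECRET = 'constructed-demo-secret';
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest();

// Test helper standing in for the token issuer: builds an HS256-signed JWT.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const signingInput = `${head}.${body}`;
  return `${signingInput}.${b64url(hmac(signingInput, secret))}`;
}

// Returns the claims of a valid token; throws on any failure.
function verifyHs256(token, secret, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  // Pin the algorithm: never let the token choose how it is verified.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// HTTP status the API should answer with for a request to /users/{userId}/games[/{roundId}].
function authorize(authHeader, path, secret, nowSec) {
  const bearer = /^Bearer (\S+)$/.exec(authHeader || '');
  if (!bearer) return 401;                      // no credentials presented
  const route = /^\/users\/([^/]+)\/games(?:\/[^/]*)?$/.exec(path);
  if (!route) return 404;
  try {
    const claims = verifyHs256(bearer[1], secret, nowSec);
    // A valid token for one user must not open another user's games.
    return claims.sub === decodeURIComponent(route[1]) ? 200 : 403;
  } catch {
    return 401;                                 // invalid, expired or tampered token
  }
}
```

The 403 branch is the part the flow above leaves implicit: a signature check alone only proves who the caller is, not that the path belongs to them.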