JWT (JSON Web Token) with PHP and Angular.js

I have an Angular.js app and I am trying to implement authentication on my PHP server using JWT.

I have an app set up to set a token on login and send a token with every request if it exists. I read the info here, though for Node.js not PHP: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/ .

The information was extremely helpful, but I don't understand why the token should be in the authorization header with the text "Bearer" before the token. Can I just put a token without "Bearer"? Is there a recommended method where the token should go in the request?

My other problem is where to store the token on the front end. The website advises using $window.sessionStorage, which doesn't seem to work for my case because it seems to prevent someone from using multiple tabs, which is not very intuitive.

My question really boils down to:

  • Where do I put the token in the request header?
  • How to store the token in the frontend?
+3




1 answer


The use of the keyword Bearer is recommended in RFC6750 Section - Authorization Request Header Section:

Clients MUST make authenticated bearer token requests using the "Authorization" request header field with the "Bearer" HTTP authorization scheme. Resource servers MUST support this method.

The libraries I've worked with always require this before the token itself. Therefore, the request header should be as follows:



Authorization: Bearer your_token

As for the storage, I have also seen it in $window.sessionStorage.

+1
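The header format from the answer above, as an added example that is not part of the original answer or the linked article: the client-side step an AngularJS `$http` request interceptor would perform, and the check a resource server applies to the received value. `API_ORIGIN`, `attachBearer`, `parseBearer`, the `token` storage key and the sample token are assumptions made for illustration.

```javascript
// Added example. All names and values below are hypothetical / constructed.
const API_ORIGIN = "https://api.example.test";

// RFC 6750 b64token syntax: rejects spaces, CR/LF and other header-breaking bytes.
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

// Client side: the same job as the `request` hook of an AngularJS $http interceptor.
// `storage` is anything with getItem(), e.g. window.sessionStorage.
function attachBearer(config, storage) {
  const token = storage.getItem("token");
  const headers = Object.assign({}, config.headers);
  // Resolve relative URLs against the API origin, then compare origins so the
  // token is never attached to a request for a third-party host.
  const sameOrigin = new URL(config.url, API_ORIGIN).origin === API_ORIGIN;
  if (token && sameOrigin && B64TOKEN.test(token)) {
    headers.Authorization = "Bearer " + token;
  }
  return Object.assign({}, config, { headers });
}

// Server side: what a resource server does with the Authorization header value.
// Returns the token, or null when the scheme is missing or the value is malformed.
// HTTP authentication scheme names are case-insensitive, hence the /i flag.
function parseBearer(headerValue) {
  if (typeof headerValue !== "string") return null;
  const m = /^Bearer +(\S+)$/i.exec(headerValue.trim());
  return m && B64TOKEN.test(m[1]) ? m[1] : null;
}

// Constructed sample data: an in-memory stand-in for sessionStorage.
const fakeStorage = {
  data: { token: "aaa.bbb.ccc" },
  getItem(k) { return k in this.data ? this.data[k] : null; },
};

const sent = attachBearer({ url: "/orders", headers: {} }, fakeStorage);
console.log(sent.headers.Authorization);
console.log(parseBearer(sent.headers.Authorization));
console.log(parseBearer("aaa.bbb.ccc")); // bare token, no scheme
```

A server that follows this parsing treats a bare token without the `Bearer` scheme as an unauthenticated request.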

