
PHP and JWT for angular

  • 05-11-2016 11:55pm
    #1
    Registered Users Posts: 212 ✭✭


    Hi

    I am exploring AngularJS + PHP for the first time and wanted to create a CRUD SPA driven by a PHP REST API. Looking into JWT for authentication.

    Could someone with experience tell me what to do with the generated token? Should I store it as a session in PHP as well or not, and how do I handle a logout? E.g. if the user has logged out, then how do I invalidate a JWT? I am looking into https://github.com/lcobucci/jwt/blob/3.2/README.md


Comments

  • Registered Users Posts: 104 ✭✭justjustin


    You could take a look at THIS.

    I have built a couple of small Angular 2 starter apps which rely on a custom-built C#/SQL backend, but I have not yet taken any steps to authenticate requests.


  • Registered Users Posts: 2,030 ✭✭✭colm_c


    JWT should be stateless, as in it should not need to be tracked on the server, otherwise you may as well use sessions.

    When you create a JWT, you should include any info you need on it, e.g. user_id, user_type, expiry etc. so that the frontend can read it and the backend can validate all the requests.

    Any invalid JWTs will not allow the requests, while correctly signed ones will.

    I would use some PHP framework that supports JWT, like Laravel; doing it from scratch is possible but kinda annoying.
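
colm_c's description above, as an added example (not code from the thread or from lcobucci/jwt): a token carrying `user_id`, `user_type` and an expiry is signed with HS256 and validated on each request from the signature and `exp` alone, with no server-side record. The function names, the key and the claim values are assumptions made for the illustration.

```php
<?php
// Added example, PHP built-ins only (not lcobucci/jwt). Names are illustrative.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);   // restore padding
    return (string) base64_decode(strtr($txt, '-_', '+/'), true);
}

function jwt_issue(array $claims, string $key, int $ttl): string {
    $now = time();
    $claims += ['iat' => $now, 'exp' => $now + $ttl];
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    $sig  = hash_hmac('sha256', "$head.$body", $key, true);
    return "$head.$body." . b64url_encode($sig);
}

// Returns the claims for a valid token, otherwise null. Nothing is looked up
// in a session or database: the signature and exp decide the outcome.
function jwt_verify(string $token, string $key): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm; the token must not choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    // hash_equals() compares in constant time.
    if (!hash_equals($expected, b64url_decode($sig))) return null;
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return null;
    return $claims['exp'] > time() ? $claims : null;
}

// Constructed sample values.
$key   = random_bytes(32);
$token = jwt_issue(['user_id' => 42, 'user_type' => 'editor'], $key, 900);
var_dump(jwt_verify($token, $key));

// Payload rewritten without the key: the signature check fails.
[$h, , $s] = explode('.', $token);
$edited = b64url_encode(json_encode(['user_id' => 1, 'user_type' => 'admin', 'exp' => time() + 900]));
var_dump(jwt_verify("$h.$edited.$s", $key));

// Correctly signed but already expired: rejected by the exp check.
var_dump(jwt_verify(jwt_issue(['user_id' => 42], $key, -1), $key));
```

In this stateless model a logout is the client discarding its token, and the `exp` claim is what bounds how long any remaining copy stays valid.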


  • Registered Users Posts: 212 ✭✭iwantthat


    Thanks for the detailed info.

    I looked into the likes of Symfony and Laravel and it seemed too much just for the sake of JWT, so I went ahead with a custom library.

    It is exciting stuff...

    Will update more once I have deep dived into it.


    colm_c wrote: »
    JWT should be stateless, as in it should not need to be tracked on the server, otherwise you may as well use sessions.

    When you create a JWT, you should include any info you need on it, e.g. user_id, user_type, expiry etc. so that the frontend can read it and the backend can validate all the requests.

    Any invalid JWTs will not allow the requests, while correctly signed ones will.

    I would use some PHP framework that supports JWT, like Laravel; doing it from scratch is possible but kinda annoying.

