I am trying to create a web application with JWT:
If a user sends a request to the server, I can run the process on the server and send the data back to the browser in a web token, which brings me to the question:
How can I verify this server response in the browser and send a new request to the server by using a JWT with a secret that can be accepted by the server?
On the server, the JWT from the browser request should be verified.
My consideration is to create a JWT on the client with the same "secret", but this is readable for attackers, because it is possible to read the source code (developer console).
Does there exist a way?
// Create request JWT
Request 1 --> {head: ...; data:..., secrete: secret}
// Request should be checked on the server (secret)
// Create a Response JWT and send it back to the client
Response 1 --> {head: ...; data:..., secrete: secret}
// Client verifies the Response JWT with the secret
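The concern raised in the question, as an added example that is not part of the original post: with an HMAC-signed (HS256) JWT the key that verifies a token is the same key that signs one, so a secret embedded in browser code gives the server no way to tell its own tokens from client-made ones. The secret, claims and function names are constructed for illustration, and Node's built-in `crypto` module is assumed.

```javascript
// Added example; SERVER_SECRET and the claims below are constructed sample values.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign a payload as an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC)
function signHS256(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest();
  return `${header}.${body}.${b64url(sig)}`;
}

// Verify an HS256 JWT; returns the payload, or null if the token is rejected.
function verifyHS256(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  let alg;
  try { alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg; } catch { return null; }
  if (alg !== 'HS256') return null; // pin the algorithm, never trust the header's choice
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; lengths must match before timingSafeEqual is called.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try { return JSON.parse(Buffer.from(body, 'base64url').toString()); } catch { return null; }
}

function demo() {
  const SERVER_SECRET = 'constructed-demo-secret';
  const response = signHS256({ user: 'alice', role: 'user' }, SERVER_SECRET);

  // Payload changed without the secret: the signature no longer matches.
  const [h, , s] = response.split('.');
  const tampered = `${h}.${b64url(JSON.stringify({ user: 'alice', role: 'admin' }))}.${s}`;

  // Same secret used from client-side code: the token is indistinguishable
  // from one the server issued, which is why the secret must stay server-side.
  const clientMade = signHS256({ user: 'alice', role: 'admin' }, SERVER_SECRET);

  return {
    genuine: verifyHS256(response, SERVER_SECRET),
    tampered: verifyHS256(tampered, SERVER_SECRET),
    clientMade: verifyHS256(clientMade, SERVER_SECRET),
  };
}
```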