Tuesday, October 26, 2021

Implementing a RESTful login for a website

I've been reading a lot of threads about how to properly implement a RESTful login, but I am not fully convinced yet. So far this is what I've come up with:

  1. Fill in username and password in my login form
  2. When the user hits the login button, build a Basic authorization header with username + password
  3. Hit an endpoint (e.g. /token, I guess this should be a GET?)
  4. Generate the JWT token and send it back to the client (if it's a GET, I guess it will go as a JSON body)
  5. Client then uses localStorage or whatever to save the token and then hits the authenticated endpoints by building the Bearer header

Would this be considered fully RESTful? If so, which HTTP method would you use for retrieving the token? If it isn't, what would be the best way of achieving this (using JWT)?
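The server side of steps 2 to 5 above, as an added example that is not part of the original post: it parses the Basic header, issues an HS256-signed JWT with an expiry, and validates the Bearer header on later requests. The key, the user table, the 900-second lifetime and all function names are assumptions made for illustration, and the code is independent of which HTTP method carries the request.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: server-side HS256 key
USERS = {"alice": "correct horse"}    # constructed sample; real servers store password hashes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def parse_basic(header: str):
    """Steps 2-3: decode 'Basic base64(user:pass)'; None if malformed."""
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, password = base64.b64decode(value, validate=True).decode().partition(":")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    return (user, password) if sep else None

def issue_token(auth_header: str, now=None, ttl=900):
    """Step 4: check the credentials and return a signed JWT, or None."""
    creds = parse_basic(auth_header)
    expected = USERS.get(creds[0]) if creds else None
    if expected is None or not hmac.compare_digest(expected.encode(), creds[1].encode()):
        return None
    now = int(time.time()) if now is None else now
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": creds[0], "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_bearer(auth_header: str, now=None):
    """Step 5, server side: validate 'Bearer <jwt>' and return its claims, or None."""
    scheme, _, token = auth_header.partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return None
    try:
        # The token's own "alg" field is never trusted: always recompute HS256.
        good = hmac.new(SECRET, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(parts[2]), good):
            return None
        claims = json.loads(_unb64(parts[1]))
    except ValueError:
        return None
    now = int(time.time()) if now is None else now
    return claims if claims.get("exp", 0) > now else None
```

The signature is checked before the payload is parsed, so a token whose claims were edited on the client is rejected without its contents ever being trusted.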



