0

What is the best and most secure way of using JWT token-based authentication with an Angular front-end and a Laravel back-end (RESTful API)?

It is similar to this: http://johnsonsu.com/jwt-tokens-issues-in-angularjs-satellizer/

Thanks in advance.

mudin
  • You can use this for normal login as well as social login. https://github.com/sahat/satellizer – Ganesh Ghalame Jun 10 '16 at 04:54
  • You can even directly get code for Laravel: https://github.com/sahat/satellizer/blob/master/examples/server/php/app/Http/Controllers/AuthController.php I am using the same; it's awesome. – Ganesh Ghalame Jun 10 '16 at 04:56
  • Thanks for your quick reply. I have more questions actually. Do you think it is good to renew the JWT token on every request to make it secure? How does Angular know the token is expired without decoding it? – mudin Jun 10 '16 at 06:03
  • I don't think it's a perfect way to regenerate the token each time. Now your Laravel `AuthController` will return a `{"error":"token_not_provided"}`, i.e. `401`. Now if you want to redirect to login it will be automatic, or if you want to do something else you can use interceptors like this: http://stackoverflow.com/questions/21230417/capture-http-401-with-angular-js-interceptor – Ganesh Ghalame Jun 10 '16 at 06:15
  • I got it! Thank you, one more thing. Laravel is setting the expiration time and Angular cannot check it; it is not secure, and even if the user is active in the browser, the expiration time is passing and the user should log in again. Is that normal? – mudin Jun 10 '16 at 06:17
  • Sorry for asking a lot. Do I need to use angular-jwt if I use satellizer? – mudin Jun 10 '16 at 06:23
  • Consider it like a PayPal token: it's valid for a specified time. You can change the Laravel session time: http://stackoverflow.com/a/37740122/1740102. Now consider any other banking or similar example: if the session times out, the user has to log in again. You don't need angular-jwt if you have Satellizer. – Ganesh Ghalame Jun 10 '16 at 06:29
  • My issue is similar to this: http://johnsonsu.com/jwt-tokens-issues-in-angularjs-satellizer/ – mudin Jun 10 '16 at 08:08

3 Answers

1

For JWT authentication between AngularJS and Laravel you can use Satellizer. For the backend, i.e. the Laravel implementation, you can find sample code here. You can use Satellizer for social login or just for normal login.

You have to install jwt-auth for JWT support in the Laravel backend. You can refer to some blogs to get started.

Ganesh Ghalame
1

Your question was "how to refresh JWT Authentication after it Expired". I have also been studying JWT authentication these past few weeks, and how I could refresh the JWT access token upon expiration using AngularJS and PhalconPHP. There are already libraries available that I could use, but I preferred to understand it by doing it based on the methods I have researched, so I used angular-jwt and firebase/php-jwt. Here is what I have come up with so far:

  1. Upon login the client is given an access token and a refresh token
  2. The access token should expire before the refresh token
  3. Once access tokens are expired, new access tokens are obtained from the refresh tokens (creating an API entry to verify the refresh token, then provide new access tokens)
  4. Refresh tokens are checked for revocation (requires a database of issued refresh tokens, or I use Redis to store user refresh tokens).

Regarding the "best and most secured way of using JWT token based authentication", some suggested that I not use Authorization headers and instead use cookies, as well as enable SSL.

Credits to: https://stormpath.com/blog/jwt-authentication-angularjs

I hope this helps.

Efx
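
The four steps listed in the answer above, as an added server-side sketch in plain Node.js. This is an illustration written for this page, not the answerer's angular-jwt / firebase/php-jwt code. The secret, the TTL values, the `kind` claim, the function names and the in-memory `Map` standing in for Redis are all assumptions.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret';      // constructed value; load from config in practice
const ACCESS_TTL = 300, REFRESH_TTL = 86400;   // seconds; access expires first (step 2)
const refreshStore = new Map();                // hypothetical stand-in for Redis/database (step 4)

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

function signJwt(claims) {
  const body = b64({ alg: 'HS256', typ: 'JWT' }) + '.' + b64(claims);
  return body + '.' + mac(body);
}

// Returns the claims, or null if the signature is wrong or the token has expired.
// HMAC-SHA256 is always used; the header's alg field is never trusted.
function verifyJwt(token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(mac(parts[0] + '.' + parts[1])), given = Buffer.from(parts[2]);
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return claims.exp > now ? claims : null;
}

// Step 1: login hands out both tokens; the refresh token's id is recorded server-side.
function issueTokens(userId, now) {
  const jti = crypto.randomUUID();
  refreshStore.set(jti, userId);
  return {
    access: signJwt({ sub: userId, kind: 'access', exp: now + ACCESS_TTL }),
    refresh: signJwt({ sub: userId, kind: 'refresh', jti, exp: now + REFRESH_TTL }),
  };
}

// Steps 3 and 4: a valid, unrevoked refresh token buys a new access token.
function refreshAccess(refreshToken, now) {
  const c = verifyJwt(refreshToken, now);
  if (!c || c.kind !== 'refresh' || refreshStore.get(c.jti) !== c.sub) return null;
  return signJwt({ sub: c.sub, kind: 'access', exp: now + ACCESS_TTL });
}

// Revocation (logout, lost device): forget the id so later refreshes fail.
function revoke(refreshToken, now) {
  const c = verifyJwt(refreshToken, now);
  return c ? refreshStore.delete(c.jti) : false;
}
```

API routes that accept the access token should also check `kind === 'access'`, so that a refresh token cannot be replayed as an access token.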
0

You can use a request/response interceptor in your frontend with Satellizer and your own interceptor's implementation.

See more details about this here in the Satellizer discussion on GitHub.

I was having this same problem today but I solved it now!

References:

Community
Francis Rodrigues