
I am developing an SPA using Web API and Angular, with Bearer Token based authentication for authentication and authorization.

My question: Basically, we get the token from the Web API and store that token in local/session storage, and for subsequent requests we pass this token with every request in an HTTP header. That means the server does not know anything about the particular token/session or who sent that request. My question is: how does the server identify which user the token is coming from, and how does it check whether it is a valid token or not?

Vijay

1 Answer


Usually the server issuing the token keeps track of which user it was issued to, and will therefore assume that any request sent with said token is coming from the same user. Most of the time tokens also have a validity period, and will expire once that period has passed. This information is most of the time stored in a database.

You should check out the OAuth documentation for more information on this matter.

HTTP is not really stateless anyway, see this SO post for more information.

Leo
  • As per my understanding, HTTP is a stateless protocol and the server will not keep any information about the client after giving the request. If we use local storage, the server will not keep any information, and at the same time it will be stored in the client browser. Is my understanding correct or not? If my understanding is correct, how does the server store this information? Please explain. – Vijay Jun 17 '18 at 16:29
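
The server-side bookkeeping described in the answer (which user a token was issued to, plus a validity period, looked up on every request), as an added example that is not part of the original answer or any framework's own code. The `TokenStore` class, the one-hour lifetime, the in-memory dict standing in for the database, and storing only a hash of the token are assumptions of this sketch.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed validity period for this example


class TokenStore:
    """In-memory stand-in for the server-side token table (a database in practice)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._rows = {}       # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash, so a leaked table does not expose usable tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Called once the user has logged in; returns the bearer token for the client."""
        token = secrets.token_urlsafe(32)  # 32 random bytes, not guessable
        self._rows[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def revoke(self, token):
        """Logout or forced invalidation: the token stops working immediately."""
        self._rows.pop(self._digest(token), None)

    def authenticate(self, authorization_header):
        """Return the user_id for a valid 'Bearer <token>' header value, else None."""
        scheme, _, token = (authorization_header or "").partition(" ")
        if scheme.lower() != "bearer" or not token.strip():
            return None
        key = self._digest(token.strip())
        row = self._rows.get(key)
        if row is None:
            return None                    # never issued, or already revoked
        user_id, expires_at = row
        if self._clock() >= expires_at:
            del self._rows[key]            # expired: purge the row and reject
            return None
        return user_id
```

The client in this model holds only the random string; identity and expiry live on the server and are resolved from the `Authorization` header on each request.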