2

I don't understand the use of a JWT token.
Can anyone explain it to me?
Because currently I'm working on an app (Rails + React), and I want to use devise + JWT for authentication and React for the frontend.

Actually, I understood that:

1/ If a user wants to log in: he completes the form, React gets the data from the form and makes a POST request with this info to the Rails API.

2/ The Rails API gets this info and checks in the DB whether it matches a registered user; if it does, the Rails API will create a JWT token and send this token to React.
The user is now logged in because the Rails API found a matching user.

3/ React receives the JWT token. (?? What is the usage of this token ??)

Thanks

Theo Cerutti
  • The token is used for all successive API calls, passing it in the HTTP Authorization header. Server side will validate the token every time before allowing the API request through. – Vineet Kulkarni Sep 13 '19 at 06:17

4 Answers

1

Since you are returning an API and React is consuming it, JWT helps to return data you might need to persist in your frontend in React, though. Data like user name or email. Example: making the header of your website show a user is logged in.

hamzat
  • The JWT is stored in the user's browser local storage. Then you can call it from there, so that if the username data in the JWT exists, then perform so and so in the frontend. From a user aspect, it does not need to ask the DB to validate the user again but can do that through the JWT – hamzat Sep 13 '19 at 06:20
  • If you still don't get it: https://medium.com/@rajaraodv/securing-react-redux-apps-with-jwt-tokens-fcfe81356ea0 – hamzat Sep 13 '19 at 06:23
  • Hi hamzat, just as a heads up: You can [edit](https://stackoverflow.com/posts/57918212/edit) answers (and questions) to add information. This has the advantages of being clearer to see for readers, as comments get out of order quite quickly and also sometimes get deleted automatically – MindSwipe Sep 13 '19 at 06:25
1

My response is not specific to Rails/React, but rather to all web technologies using JWT tokens:

What you said is correct. From point 3 forward, all the requests made from React to the Rails backend will have to contain the header Authorization: Bearer <token>.

When Rails sees that header, it is able to:

  • check that the token is valid, by checking its signature
  • decode it and extract any info stored in it.

Remember that JWT tokens can contain any info the backend wants to store in them. And the client is not able to tamper with it, because it is signed cryptographically and it would invalidate its signature.

The above properties (the fact you can store anything in it, that the frontend sends it with every request and that nobody can tamper with it) help any web application being able to:

Tudor Constantin
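The two checks described in this answer (verify the signature, then decode the claims), as an added example that is not part of the original answer or of any Rails/devise code. It assumes HS256 tokens with an `exp` claim; `SECRET`, `issue_token` and `authenticate` are hypothetical names, and a real app would use a maintained JWT library instead of this hand-rolled version.

```ruby
require "openssl"
require "json"

# Constructed demo secret; a real server loads it from protected config, never from source.
SECRET = "constructed-demo-secret"

def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(text)
  text.tr("-_", "+/").unpack1("m")
end

def hs256(secret, signing_input)
  OpenSSL::HMAC.digest("SHA256", secret, signing_input)
end

# Step 2 of the question: after the password check, sign the claims with the server-only secret.
def issue_token(claims, secret)
  input = [{ alg: "HS256", typ: "JWT" }, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
  "#{input}.#{b64url(hs256(secret, input))}"
end

# Compare every byte instead of stopping at the first difference.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Every later request: returns the claims hash, or nil (the API should answer 401).
def authenticate(authorization_header, secret, now: Time.now.to_i)
  scheme, token = authorization_header.to_s.split(" ", 2)
  return nil unless scheme == "Bearer" && token && token.count(".") == 2
  header_b64, payload_b64, signature_b64 = token.split(".", -1)
  header = JSON.parse(b64url_decode(header_b64))
  # Pin the algorithm server-side; never let the token choose how it is verified.
  return nil unless header.is_a?(Hash) && header["alg"] == "HS256"
  expected = hs256(secret, "#{header_b64}.#{payload_b64}")
  return nil unless secure_equal?(expected, b64url_decode(signature_b64))
  claims = JSON.parse(b64url_decode(payload_b64))
  return nil unless claims.is_a?(Hash) && claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims
rescue JSON::ParserError
  nil
end

# Constructed demo: the valid token is accepted, the same token with an altered payload is not.
token = issue_token({ sub: "42", email: "user@example.com", exp: Time.now.to_i + 3600 }, SECRET)
p authenticate("Bearer #{token}", SECRET)
p authenticate("Bearer #{token.sub(".", ".x")}", SECRET)
```

The payload is only base64url-encoded, so anyone holding the token can read it; the signature protects integrity, not confidentiality.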
0

Since you are returning an API and React is consuming it, JWT helps to return data you might need to persist in your frontend in React, though. Data like user name or email. Example: making the header of your website show a user is logged in. The main aim of JWT in the frontend is basically auth. Apart from that, if you are using a monolith app, you deal with a session for the user. In the React case, JWT stands in as the session.

hamzat
0

The main aim of JWT in the frontend is basically auth or other. Apart from that, if you are using a monolith app, remember you deal with a session for the user. In the React case, JWT stands in as the session.

hamzat