search

AnthonyDeroche / mod_authnz_jwt

An authentication module for Apache httpd using JSON Web Tokens
Other
79 stars 46 forks source link

Using tokens from external sources #35

Closed adambrakhane closed 3 years ago

adambrakhane commented 5 years ago

We are already issuing JWT tokens for access to our API but would like to start protecting some semi-static websites (including images/static files) with the same auth scheme. We are imagining:

1) User goes to HTML/JS login page that sends credentials to our existing API which returns a JWT token 2) We somehow inform the browser (basic auth?, cookie, local storage) that we have a token 3) Now the browser automatically sends the Authorization header or cookie with each requests & mod_authnz_jwt validates

Is there a way I can coerce the browser to send custom Authorization headers?

I believe I am interested in what is happening here: https://github.com/AnthonyDeroche/mod_authnz_jwt/issues/28

AnthonyDeroche commented 5 years ago

Hello, There is no way in my knowledge to coerce the browser to send Authorization header by itself. You have to use cookie. I'm still waiting for a PR from #28 for that.

AnthonyDeroche commented 3 years ago

As PR #28 has been merged, you can use a Cookie to force the browser to send the token in all requests. I close the issue.