Fak3
commented
7 years ago The client can't check the validity of jwt token itself, as she does not know server's secret jwt seed.
Closed subhankarb closed 7 years ago
Fak3
commented
7 years ago The client can't check the validity of jwt token itself, as she does not know server's secret jwt seed.
Fak3
commented
7 years ago The only way to remove extra client-server roundtrip in mpa website is to pass jwt in cookies.
Fak3
commented
7 years ago The issue #191 can be handled by the client, as she only needs to check the expiration time fo the token, not the validity. But in general we will have to switch to cookies, so it will solve #191 automatically.
subhankarb
commented
7 years ago @Fak3 sorry it is not the validity. It is the expiration time :).
rufuspollock
commented
7 years ago @subhankarb there is still no clear description of the problem from the user perspective. What do they experience here that is problematic? If this is not a user problem what is the technical issue?
subhankarb
commented
7 years ago @rufuspollock
Problem 1: Refresh problem
Problem 2: Login Problem.
subhankarb
commented
7 years ago FIXED. Fixed with pull req https://github.com/frictionlessdata/dpr-api/pull/235
We use jwt for tracking user's signed in or signed out status. Every time user goes to home page index.html page returns back. Then we check token stored in local storage. Then send token to server for expiration check. Then new page returns back from server.
Problem:
/to check jwt expiration time, and if expired from server we redirect to logout.html from server.Solution: We check the validity of JWT from client itself. And remove redirect from server. And check token in local store before loading new html page. So the logic for token check should be base.html which every other html page extends.
This will also solve #191
Tasks: