Is ajax the best/only way to add a jsonwebtoken (JWT) to a request header?
I have a simple multi-page site written in vanilla JS, Pug, and Node, that uses login with JWT. When a user logs in, the client is returned a JWT. The JWT is stored in localStorage. Now, when a user clicks a link to a protected route on a given page, I need to send the JWT to the server so it can authenticate that the JWT is valid (i.e., user is logged in).
I understand I can do something like this for a given protected route:
$.ajax(
url: "/protected",
type: "GET",
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
window.location.replace("/profile");
else
window.location.replace("/login");
,
error: (err) => console.log(err)
);
It seems like a lot of overhead for a simple link click. Is this the recommended method of adding a JWT to a request header or is there a better way?
jwt
asked Nov 12 '18 at 18:09
Scott
6117
add a comment |
I have a simple multi-page site written in vanilla JS, Pug, and Node, that uses login with JWT. When a user logs in, the client is returned a JWT. The JWT is stored in localStorage. Now, when a user clicks a link to a protected route on a given page, I need to send the JWT to the server so it can authenticate that the JWT is valid (i.e., user is logged in).
I understand I can do something like this for a given protected route:
$.ajax(
url: "/protected",
type: "GET",
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
window.location.replace("/profile");
else
window.location.replace("/login");
,
error: (err) => console.log(err)
);
It seems like a lot of overhead for a simple link click. Is this the recommended method of adding a JWT to a request header or is there a better way?
jwt
asked Nov 12 '18 at 18:09
Scott
6117
add a comment |
I have a simple multi-page site written in vanilla JS, Pug, and Node, that uses login with JWT. When a user logs in, the client is returned a JWT. The JWT is stored in localStorage. Now, when a user clicks a link to a protected route on a given page, I need to send the JWT to the server so it can authenticate that the JWT is valid (i.e., user is logged in).
I understand I can do something like this for a given protected route:
$.ajax(
url: "/protected",
type: "GET",
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
window.location.replace("/profile");
else
window.location.replace("/login");
,
error: (err) => console.log(err)
);
It seems like a lot of overhead for a simple link click. Is this the recommended method of adding a JWT to a request header or is there a better way?
jwt
asked Nov 12 '18 at 18:09
Scott
6117
I have a simple multi-page site written in vanilla JS, Pug, and Node, that uses login with JWT. When a user logs in, the client is returned a JWT. The JWT is stored in localStorage. Now, when a user clicks a link to a protected route on a given page, I need to send the JWT to the server so it can authenticate that the JWT is valid (i.e., user is logged in).
I understand I can do something like this for a given protected route:
$.ajax(
url: "/protected",
type: "GET",
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
window.location.replace("/profile");
else
window.location.replace("/login");
,
error: (err) => console.log(err)
);
It seems like a lot of overhead for a simple link click. Is this the recommended method of adding a JWT to a request header or is there a better way?
jwt
jwt
asked Nov 12 '18 at 18:09
Scott
6117
asked Nov 12 '18 at 18:09
Scott
6117
edited Nov 12 '18 at 18:14
asked Nov 12 '18 at 18:09
Scott
6117
asked Nov 12 '18 at 18:09
Scott
6117
asked Nov 12 '18 at 18:09
Scott
6117
6117
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Yes, pretty much this is the only way. But to simplify your things you can create a wrapper on above ajax method and use that function for protected routes.
function authAjax(url, method, successCallback, errorCallback)
$.ajax(
url: url,
type: method,
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
successCallback(res)
else
window.location.replace("/login");
,
error: (err) =>
console.log(err)
errorCallback(err)
);
And use this like:
authAjax('/protected', 'GET', (data) =>
console.log('API res', data)
, (err) =>
alert('Sorry, Something went wrong :(')
)
answered Nov 13 '18 at 6:37
Suresh Prajapati
1,2882923
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53267787%2fis-ajax-the-best-only-way-to-add-a-jsonwebtoken-jwt-to-a-request-header%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes, pretty much this is the only way. But to simplify your things you can create a wrapper on above ajax method and use that function for protected routes.
function authAjax(url, method, successCallback, errorCallback)
$.ajax(
url: url,
type: method,
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
successCallback(res)
else
window.location.replace("/login");
,
error: (err) =>
console.log(err)
errorCallback(err)
);
And use this like:
authAjax('/protected', 'GET', (data) =>
console.log('API res', data)
, (err) =>
alert('Sorry, Something went wrong :(')
)
answered Nov 13 '18 at 6:37
Suresh Prajapati
1,2882923
add a comment |
Yes, pretty much this is the only way. But to simplify your things you can create a wrapper on above ajax method and use that function for protected routes.
function authAjax(url, method, successCallback, errorCallback)
$.ajax(
url: url,
type: method,
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
successCallback(res)
else
window.location.replace("/login");
,
error: (err) =>
console.log(err)
errorCallback(err)
);
And use this like:
authAjax('/protected', 'GET', (data) =>
console.log('API res', data)
, (err) =>
alert('Sorry, Something went wrong :(')
)
answered Nov 13 '18 at 6:37
Suresh Prajapati
1,2882923
add a comment |
Yes, pretty much this is the only way. But to simplify your things you can create a wrapper on above ajax method and use that function for protected routes.
function authAjax(url, method, successCallback, errorCallback)
$.ajax(
url: url,
type: method,
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
successCallback(res)
else
window.location.replace("/login");
,
error: (err) =>
console.log(err)
errorCallback(err)
);
And use this like:
authAjax('/protected', 'GET', (data) =>
console.log('API res', data)
, (err) =>
alert('Sorry, Something went wrong :(')
)
answered Nov 13 '18 at 6:37
Suresh Prajapati
1,2882923
Yes, pretty much this is the only way. But to simplify your things you can create a wrapper on above ajax method and use that function for protected routes.
function authAjax(url, method, successCallback, errorCallback)
$.ajax(
url: url,
type: method,
headers:
'Authorization': 'Bearer ' + <token>
success: (res) =>
if (res.status == 200)
successCallback(res)
else
window.location.replace("/login");
,
error: (err) =>
console.log(err)
errorCallback(err)
);
And use this like:
authAjax('/protected', 'GET', (data) =>
console.log('API res', data)
, (err) =>
alert('Sorry, Something went wrong :(')
)
answered Nov 13 '18 at 6:37
Suresh Prajapati
1,2882923
answered Nov 13 '18 at 6:37
Suresh Prajapati
1,2882923
answered Nov 13 '18 at 6:37
Suresh Prajapati
1,2882923
answered Nov 13 '18 at 6:37
Suresh Prajapati
1,2882923
1,2882923
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53267787%2fis-ajax-the-best-only-way-to-add-a-jsonwebtoken-jwt-to-a-request-header%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
