I have noticed the convention is to send a JWT in the header under the field Authorization. The standard is to send the token as such:
Authorization:Bearer [token]
My question is: why do I need to put the Bearer part? Why not just:
Authorization:[token]
When I receive the first request I need to parse every request to get rid of the Bearer when I verify my JWT. What is the point of this?
JWT is an encoding standard for tokens that contain a JSON data payload that can be signed and encrypted. JWT can be used for many things, among those are bearer tokens, i.e. a piece of information that you can present to some service that, by virtue of you having it (you being the "bearer"), grants you access to something.
    @PostMapping("user/token")
    public @ResponseBody User getUser(@RequestParam("token") String token) {
        // Read the username (an e-mail address here) from the JWT
        String email = jwtTokenUtil.getUsernameFromToken(token);
        // Look up the matching user record
        User user = userRepository.getUserByUsername(email);
        return user;
    }

If you want to add Bearer in front of the token in the body you can add it with:
JWTs appear in RFC 7519, and Bearer Token is in RFC 6750. For example, the Bearer: I used to send the token to the server by AJAX or add the token to the query string of the URL. I know that a token can also be sent by adding it to a request header.
Since we are using JWT authentication, all the authorized requests should contain an Authorization header, which in this case is the token that is generated from the login method.
It was started in the HTTP 1.0 standard, which added the Authorization: Basic.
Then some other popular protocols (/frameworks) popularised other kinds of authentication, like OAuth's Authorization: Bearer.
Practically, the HTTP standard (both "obsolete" and "more modern") declares it as
Authorization = "Authorization" ":" credentials
without any constraints on how the credentials are to be shaped.
So it is up to you what you put there, as long as it works for you.
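The following is an added example, not code from the question or any of the answers. It shows a server-side parser that uses the scheme word to decide how the rest of the header is interpreted, so that Basic and Bearer credentials can share one header and a bare token with no scheme is rejected. The function names, the error class and the sample values are assumptions made for illustration.

```python
import base64
import binascii
import re

# b64token character set from RFC 6750, section 2.1
B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


class AuthHeaderError(ValueError):
    """Raised when the Authorization header is malformed or unsupported."""


def parse_authorization(header_value):
    """Split '<scheme> <credentials>' and return (lowercased scheme, credentials)."""
    if not header_value or not header_value.strip():
        raise AuthHeaderError("missing Authorization header")
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2:
        # A bare token such as "Authorization: [token]" ends up here.
        raise AuthHeaderError("expected '<scheme> <credentials>'")
    scheme, credentials = parts
    # Scheme names are compared case-insensitively.
    return scheme.lower(), credentials.strip()


def extract_credentials(header_value):
    """Return a dict describing the credentials; the scheme selects the handler."""
    scheme, credentials = parse_authorization(header_value)
    if scheme == "bearer":
        if not B64TOKEN.match(credentials):
            raise AuthHeaderError("bearer token contains illegal characters")
        return {"scheme": "bearer", "token": credentials}
    if scheme == "basic":
        try:
            decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise AuthHeaderError("invalid Basic credentials") from exc
        user, sep, password = decoded.partition(":")
        if not sep:
            raise AuthHeaderError("Basic credentials need 'user:password'")
        return {"scheme": "basic", "user": user, "password": password}
    raise AuthHeaderError("unsupported scheme: " + scheme)


# Constructed sample values, not real credentials.
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl"
SAMPLE_BASIC = base64.b64encode(b"alice:s3cret").decode("ascii")

if __name__ == "__main__":
    print(extract_credentials("Bearer " + SAMPLE_JWT))
    print(extract_credentials("basic " + SAMPLE_BASIC))
```

The token returned for the bearer case still has to go through signature and claims verification; this step only establishes which kind of credential was presented.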