Hi, why use jwt.decode, not jwt.verify #5
Comments
Does that mean Sapper just shares session info between Sapper pages and components? For all requests to the API server, Sapper needs to send the JWT to the API server, and the API server itself verifies the JWT and decodes the JWT info, is that right?
Your browser sends cookies to the api, the api checks authenticity. Watch the talk :)
The official Sapper example shows blog posts that come from a JSON data file. If the posts come from an API server, then this request is made by Sapper. Browser (with cookie) -> Sapper -> API server
This is also fine, but requests direct to the API will also receive the cookie.
Requests anywhere on the same domain will receive the cookie. The only place that can't see the cookie is the Sapper clientside app.
On Fri, 8 May 2020 at 14:36, jET ***@***.***> wrote:
> The official Sapper example shows blog posts that come from a JSON data file. If the posts come from an API server, then this request is made by Sapper.
> Browser (with cookie) -> Sapper -> API server
--
…________________________________
ꜽ . antony jones . http://www.enzy.org
I am a little confused, can you give an example?
The talk explains everything as clearly as I can.
On Fri, 8 May 2020 at 17:19, jET ***@***.***> wrote:
> The only place that can't see the cookie is the Sapper clientside app.
>
> I am a little confused, can you give an example?
https://github.com/antony/sapper-authentication-demo/blob/master/src/server.js
Is this safe? The client can construct jwt that can be decoded.
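
The distinction this issue turns on, as an added example that is not part of the original thread or the demo repository: decoding a JWT only parses its payload, while verifying checks the signature before returning claims. The `sign`, `decode`, `verify` and `accepts` helpers are hand-written HS256 stand-ins built on Node's `crypto` module (not the jsonwebtoken library's code), and `SECRET`, the keys and the claims are constructed sample values.

```javascript
// Added example: hand-written HS256 helpers standing in for a JWT library's
// sign / decode / verify. SECRET and all claims are constructed sample values.
const crypto = require('crypto');

const SECRET = 'constructed-server-secret'; // assumption: held only by the API server
const b64u = (v) => Buffer.from(v).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');
const mac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

function sign(claims, key) {
  const body = `${b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${body}.${b64u(mac(body, key))}`;
}

// Decode only: parses the payload and never looks at the signature.
function decode(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try { return JSON.parse(fromB64u(parts[1]).toString('utf8')); } catch { return null; }
}

// Verify: pin the algorithm, recompute the MAC, compare in constant time,
// check expiry, and only then hand back the claims.
function verify(token, key) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(fromB64u(h).toString('utf8')); } catch { header = null; }
  if (!header || header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = mac(`${h}.${p}`, key);
  const given = fromB64u(s);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const claims = decode(token);
  if (!claims) throw new Error('malformed payload');
  if (typeof claims.exp === 'number' && claims.exp * 1000 <= Date.now()) throw new Error('expired');
  return claims;
}

// True only when the token passes verification with the server's key.
const accepts = (token) => { try { verify(token, SECRET); return true; } catch { return false; } };

// Constructed tokens: one issued with SECRET, one signed with some other key.
const issued = sign({ sub: 'alice', role: 'user' }, SECRET);
const untrusted = sign({ sub: 'alice', role: 'admin' }, 'some-other-key');
console.log(decode(untrusted).role, accepts(untrusted), accepts(issued));
```

Claims read with `decode` alone are only as trustworthy as whoever supplied the token, so any access decision belongs on the side that runs `verify`, which in this thread is the API.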