Monday, 2 December 2019

Handle session/httpOnly cookie authentication with Passport

Recently I read that storing JWT tokens in local storage isn't safe, and the better way is to store them in a session or httpOnly cookie. I use Laravel and Passport for handling authentication in my app, and I want to have the same API for my mobile app and web app. I need a way to handle auth with a session/cookie with Passport. The way I thought about is using middleware to check if we have the session/cookie, then get the token from it and add it to the headers, so that Passport thinks we sent an authentication header and does its work as usual. Now my question is: is there a better way to handle this scenario?



via Chebli Mohamed
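
The middleware approach described in the question, as an added sketch that is not part of the original post. The class name `CookieToBearer`, the cookie names `access_token` and `csrf_token`, and the `X-CSRF-Token` header are hypothetical; it assumes a Laravel app with Passport and routes on which cookie values arrive unencrypted. Because browsers attach cookies automatically, it also adds a double-submit CSRF check for state-changing requests.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

// Hypothetical middleware: class, cookie and header names are assumptions.
class CookieToBearer
{
    private const TOKEN_COOKIE = 'access_token'; // assumed httpOnly, Secure, SameSite cookie
    private const CSRF_COOKIE  = 'csrf_token';   // assumed readable by the web client's JS
    private const CSRF_HEADER  = 'X-CSRF-Token'; // the web client echoes the cookie value here

    public function handle(Request $request, Closure $next)
    {
        // Mobile/API clients send their own Authorization header: leave it alone.
        if ($request->bearerToken() !== null) {
            return $next($request);
        }

        $token = $request->cookie(self::TOKEN_COOKIE);
        if (!is_string($token) || $token === '') {
            return $next($request); // no cookie: the auth guard rejects the request
        }

        // Cookie-based auth is sent on cross-site requests too, so unsafe
        // methods (POST, PUT, PATCH, DELETE) must prove same-origin intent.
        if (!$request->isMethodSafe()) {
            $cookie = (string) $request->cookie(self::CSRF_COOKIE, '');
            $header = (string) $request->header(self::CSRF_HEADER, '');
            if ($cookie === '' || !hash_equals($cookie, $header)) {
                abort(419, 'CSRF token mismatch');
            }
        }

        // Present the cookie's token to Passport as a normal bearer token.
        $request->headers->set('Authorization', 'Bearer ' . $token);

        return $next($request);
    }
}
```

The middleware has to run before the `auth:api` guard so that Passport sees the injected header.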
