I'm writing a webapp in Angular where authentication is handled by a JWT token, meaning that every request has an "Authentication" header with all the necessary informati
An additional solution: using basic authentication. Although it requires a bit of work on the backend, tokens won't be visible in logs and no URL signing will have to be implemented.
An example URL could be:
http://jwt:
Example with dummy token:
http://jwt:eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwIiwibmFtZSI6IiIsImlhdCI6MH0.KsKmQOZM-jcy4l_7NFsv1lWfpH8ofniVCv75ZRQrWno@some.url/file/35/download
You can then shove this in or window.open("...") - the browser handles the rest.
Implementation here is up to you, and is dependent on your server setup - it's not too much different from using the ?token= query parameter.
Using Laravel, I went the easy route and transformed the basic authentication password into the JWT Authorization: Bearer <...> header, letting the normal authentication middleware handle the rest:
```php
<?php

// Assumed: the middleware lives in Laravel's default App\Http\Middleware
// namespace (not stated in the answer).
namespace App\Http\Middleware;

use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;

class CarryBasic
{
    /**
     * Translate "Authorization: Basic jwt:<token>" into
     * "Authorization: Bearer <token>" so the regular JWT middleware
     * further down the stack can authenticate the request.
     *
     * @param Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, \Closure $next)
    {
        // if no basic auth is passed,
        // or the user is not "jwt",
        // send a 401 and trigger the basic auth dialog
        if ($request->getUser() !== 'jwt') {
            return $this->failedBasicResponse();
        }

        // if there _is_ basic auth passed,
        // and the user is JWT,
        // shove the password into the "Authorization: Bearer <...>"
        // header and let the other middleware
        // handle it.
        $request->headers->set(
            'Authorization',
            'Bearer ' . $request->getPassword()
        );

        return $next($request);
    }

    /**
     * Get the response for basic authentication.
     *
     * The 401 carries a "WWW-Authenticate: Basic" challenge, which is
     * what makes the browser show its credentials dialog.
     *
     * @return void
     * @throws UnauthorizedHttpException
     */
    protected function failedBasicResponse()
    {
        throw new UnauthorizedHttpException('Basic', 'Invalid credentials.');
    }
}
```
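Both halves of the scheme this answer describes, as an added example that is not part of the question or the answer and not Laravel code: `buildDownloadUrl()` is the client step (putting the JWT in the URL's password slot before `window.open()`), and `carryBasic()` is a framework-free Node.js counterpart of the `CarryBasic` middleware above, turning the `Basic` header the browser derives from that URL into a `Bearer` header or signalling a 401. The function names, the `some.url` host and the shape of the rejection object are assumptions; the token is the answer's dummy token.

```javascript
// Added example (not from the question or answer): client-side URL building
// and a server-side Basic -> Bearer translation, mirroring the Laravel
// middleware in the answer. Names, host and the 401 object shape are assumed.

const BASIC_USER = 'jwt';

// Client side: place the token in the URL's password slot. The WHATWG URL
// parser percent-encodes anything unsafe in the userinfo part; a JWT is
// base64url ([A-Za-z0-9_-] plus '.') so it passes through unchanged.
function buildDownloadUrl(baseUrl, token) {
  const url = new URL(baseUrl);
  if (!/^https?:$/.test(url.protocol)) {
    throw new Error('only http(s) URLs carry userinfo credentials');
  }
  url.username = BASIC_USER;
  url.password = token;
  return url.href;
}

// Server side: parse "Authorization: Basic base64(user:password)".
// Returns { ok: true, authorization: 'Bearer <token>' } when the user is
// "jwt" and a password is present; otherwise { ok: false, status: 401,
// wwwAuthenticate: 'Basic' }, which the caller turns into the same 401 +
// challenge that failedBasicResponse() throws in the Laravel version.
function carryBasic(headers) {
  const raw = headers['authorization'] || headers['Authorization'] || '';
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/.exec(raw);
  if (!m) return rejectBasic();
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');          // split on the FIRST colon only
  if (sep < 0) return rejectBasic();
  const user = decoded.slice(0, sep);
  const password = decoded.slice(sep + 1);
  if (user !== BASIC_USER || password === '') return rejectBasic();
  return { ok: true, authorization: `Bearer ${password}` };
}

function rejectBasic() {
  return { ok: false, status: 401, wwwAuthenticate: 'Basic' };
}

// Demo helper: the header a browser sends for a http://user:password@host URL.
function basicHeaderFor(user, password) {
  return 'Basic ' + Buffer.from(`${user}:${password}`, 'utf8').toString('base64');
}

// Constructed sample input, reusing the dummy token from the answer.
const DUMMY_TOKEN =
  'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwIiwibmFtZSI6IiIsImlhdCI6MH0.KsKmQOZM-jcy4l_7NFsv1lWfpH8ofniVCv75ZRQrWno';

console.log(buildDownloadUrl('http://some.url/file/35/download', DUMMY_TOKEN));
console.log(carryBasic({ authorization: basicHeaderFor('jwt', DUMMY_TOKEN) }));
console.log(carryBasic({ authorization: basicHeaderFor('admin', 'hunter2') }));
```

The server side only accepts the literal user `jwt` and a non-empty password, and it never validates the token itself; as in the answer, that is left to the regular JWT middleware that runs after the header rewrite, so the translation step cannot be used to bypass signature checks.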