I am trying to implement JSON Web Tokens for my user authentication using jsonwebtoken and express-jwt in my Express.js, Node.js and AngularJS app. I read various articles and tutorials and now I am a little confused about something.
First, what I understood about JWT is that it is composed of three parts separated by a period:
- Header: Describes the jwt and the algorithm.
- Payload: Contains the information: issuer, audience, expiry
- Signature: a signature based on the header and payload
So every request is made with the token, which is validated at the server. According to this article, the issuer is the one who makes the request. In the case of user authentication, the user is the issuer. Now, using the express-jwt middleware, the token in the request header is validated and the decoded token is attached to req.user:
app.use(expressJwt({ secret: jwtSecret }).unless({ path: [ '/login' ]}));
How long can the payload be? And how and where do I save the token on the client side so my session persists even after the browser closes, unless the user logs out, like Facebook's "keep me logged in"? Because I don't want the user to be prompted to log in again if the token expires; I want the token to renew unless the user logs out.