I have two REST end points.
- accounts.mydomain.com/login - An identity provider, sends a JWT token as response once a user is authenticated with his username/password.
- api.mydomain.com/users - Accepts the above JWT token as Authorization header, verifies it and sends user JSON as response if the token is valid.
I have created my UI using Angular2
- A login page at myservice.mydomain.com, which captures username/password and POSTs the credentials to the rest endpoint accounts.mydomain.com/login and gets JWT token as response. Below page will be shown once the JWT token is received.
- A home page of users at users.mydomain.com. This page should be shown only if the above JWT token is verified against the rest endpoint api.mydomain.com/users.
I thought I would send the JWT token from the response of login page to users.mydomain.com?t=JWTtoken using window.location.href and get the token from query param to send it to api.mydomain.com/users as Authorization header.
I know that, if the JWT token size is increasing, sending the token in the query parameters is not good.
Can anyone suggest a better way to achieve the above requirement? Is it possible to send the JWT token in the header instead of query parameter?
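
The flow described in the question, sketched as an added example (not the poster's code): a navigation through `window.location.href` cannot carry request headers, so the landing page reads `t`, removes it from the address bar so it does not linger in history or Referer headers, and sends it to the API as the Authorization header itself. The function names, the `Bearer` scheme and `https` are assumptions.

```javascript
// Added example. extractToken, looksLikeJwt, buildUsersRequest and loadHomePage
// are hypothetical names; the endpoint comes from the question, https is assumed.
const API_USERS = "https://api.mydomain.com/users";

// Pull the token out of ?t=... and return the URL with that parameter removed,
// leaving any other query parameters untouched.
function extractToken(href) {
  const url = new URL(href);
  const token = url.searchParams.get("t");
  url.searchParams.delete("t");
  return { token, cleanHref: url.toString() };
}

// Shape check only (three non-empty base64url segments). The signature is
// verified by api.mydomain.com/users, never by the page itself.
function looksLikeJwt(token) {
  return typeof token === "string" &&
    /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(token);
}

// Build the API call that carries the token in a header instead of the URL.
// The "Bearer" scheme is an assumption; the question only names the header.
function buildUsersRequest(token) {
  if (!looksLikeJwt(token)) throw new Error("missing or malformed token");
  return {
    url: API_USERS,
    init: { method: "GET", headers: { Authorization: "Bearer " + token } },
  };
}

// Browser-only wiring for the users.mydomain.com home page.
async function loadHomePage() {
  const { token, cleanHref } = extractToken(window.location.href);
  // Drop ?t= from the address bar before anything else runs.
  window.history.replaceState(null, "", cleanHref);
  const { url, init } = buildUsersRequest(token);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error("token rejected: " + res.status);
  return res.json(); // user JSON, returned only when the API accepted the token
}
```

The token still appears in the URL for the initial request to users.mydomain.com, so that server's access logs will record it unless they are configured to omit query strings.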