have to explicitly send the token with every response? or is it just onetime? Is it sent through header or through response jason?
You return the auth token the first time with expiry date. The app that require auth check for expiry and the token is correct. If that token expired, return http redirect to the auth page
Yes. Then let's say we got authorized. Do we have to send they token again with other responses? Or do we store the token in the front-end?
Yes. Client need to send the token each time
so server needs to check the token at each end point too?
Should be, if you require each endpoint to have authentication before consuming
Thank you for explaining.
Обсуждают сегодня