Securing JWT token in page url

hariprasath · February 21, 2019, 3:35pm

We are passing JWT token as query parameter in the url to authenticate ajax request in the redirected page as shown below.

AP.navigator.go(‘addonModule’, { addonKey: ‘addon_key_here’, moduleKey: ‘module_key_here’, customData: {id: “10”, jwt: token_here}});

But it is easily accessible over the query parameter. We want to secure it from the user level. Is there any way/option to pass JWT token in a secure/hidden manner?

epehrson · February 21, 2019, 5:33pm

@hariprasath, if you need a JWT token, perhaps you could use AP.context.getToken()?

If you have some other use case, it sounds like you should probably store the data on your own servers.

hariprasath · February 22, 2019, 3:14pm

Hello @epehrson,

Now I am able to generate JWT token and authenticate every request in redirected page too.

Cheers,
Hari Prasath P