JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
JWTs are composed of three base-64 strings that are joined together with dot notation.
xxxxxxxxxx.yyyyyyyyyyy.zzzzzzzzz
The first component is the header, which contains information about the type of token and the hashing algorithm used to create it.
// decoded header
{
"alg": "HS256",
"typ": "JWT"
}
The second component is the payload, which contains the actual information being sent.
// decoded payload
{
"title": "The greatest note ever",
"body_html": "seriously, it is"
}
The last component is the signature. To create it, you take the encoded header, encoded payload, specified hashing algorithm, a secret, and sign it.
// method to create a signature
HMACSHA256(
base64UrlEncode(header) + "." + base64UrlEncode(payload),
secret)
Interceptors are used any time it is desirable to intercept requests before they are handed to the server and responses before they are handed off to the application code. They are factories that are added to the $httpProvider.interceptors array
In Meganote, we used an interceptor to add JSON Web Tokens to the headers of requests being sent to our API
Read more about interceptors here
Meganote-server: Morning | Afternoon
Meganote polish! Add final touches for a better user experience
Add flash messages for events like successfully signing in or out, reusing a username, non-matching passwords, etc
Enhance the returned JSON responses from the server for better communication with the user
Enforce database rules on the server side for things like unique usernames and password length
Add a spinner animation that appears while waiting for responses from the API