Ionic JWT generation

I know that JWT should be generated in the backend, however i need to generate it in the front-end, because the app runs fully offline and when connected it sends and receive data to/from backend.

I don’t know if it’s correct, but I’m trying to generate jwt inside ionic app and then send the jwt to backend to be validated to transfer data.

Anyone could help me and tell me a library to generate JWT inside ionic app or give an idea on how can i resolve this?

its important that the app should work without internet connection. i has internet connection just sometimes.

Thank you very much.

The main idea with JWT (which is why they are signed on the backend) is that they prove that the sending client (your Ionic app) speaks with a certain authority. A typical workflow:

  1. client sends username and password
  2. server responds with JWT
  3. client asks server to do something, provides JWT received in step 2

So in your situation, I would recommend one of two strategies:

A. Require steps 1 and 2 to be done when the app is first installed. Presumably this is a time where internet access is very likely (because the user just downloaded the app). Store the JWT on-device using Ionic Storage. Now queue up actions and whenever the network is available, burst them out with the JWT you have already received.

B. Just start queuing actions and requests. The first time you notice internet is available, pop a modal asking the user to authenticate, and then act as in strategy A.

Strategy A is probably going to be most familiar to the user, because lots of apps require you to do registration-type stuff at installation time. Strategy B would likely feel weirder, but would allow the user to start working immediately offline, if the APK was somehow side-installed.

Notice that neither strategy involves generating JWTs client-side, because there isn’t really any point in doing that. The server is going to be verifying the signatures on the JWTs in the end anyway, so it needs to have the private key, not the client.

1 Like