"Access Denied" - adriana-401-advanced-javascript/seattle-javascript-401n13 GitHub Wiki

Authentication using jwt involves hashing, salt, secrets, and tokens. Just like my family breakfasts...

Hashing - a mathematical algorithm that maps a message to a bit string of a fixed size (the "hash value", "hash", or "message digest"). It is a one-way function: recovering the original message from its hash should be computationally infeasible.

Salt - A password hash requires a large random, non-secret salt value, which can be stored alongside the password hash. The salt randomizes the output of the password hash, so an adversary cannot usefully store tables of passwords and precomputed hash values to compare against a stolen password hash digest.

Secret - A value kept in your .env file and used to sign your JWT. The JWT is created with this secret key, and the key is private to you (the server). When you receive a JWT back from the client, you verify it with that same secret key; any modification to the JWT will cause verification to fail.

Token - JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

These tokens are another way to authenticate, as they are a key to get in.

  • https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
  • https://jwt.io/introduction/
  • https://itnext.io/so-what-the-heck-is-jwt-or-json-web-token-dca8bcb719a6