Bears In Authentication - adriana-401-advanced-javascript/seattle-javascript-401n13 GitHub Wiki

Token-based authentication securely transmits information between parties as a JSON object, in this case a JSON Web Token (JWT).

Whenever the user wants to access a protected route or resource, the user agent should send the JWT, typically in the Authorization header using the Bearer schema. The content of the header should look like the following:

```
Authorization: Bearer <token>
```

Steps taken:

  1. The application or client requests authorization from the authorization server. This is performed through one of the different authorization flows. For example, a typical OpenID Connect compliant web application will go through the /oauth/authorize endpoint using the authorization code flow.
  2. When the authorization is granted, the authorization server returns an access token to the application.
  3. The application uses the access token to access a protected resource (like an API).

That one token gives secure entry to the desired product, and once received it can be used over and over again.
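
The check a resource server performs in step 3, as an added example that is not from the original wiki or the course repository: it extracts the token from the `Authorization: Bearer` header, verifies the HS256 signature with a pinned algorithm, and rejects expired tokens. The function names, the shared secret and the sample claims are assumptions constructed for illustration; only Node's built-in `crypto` module is used.

```javascript
const crypto = require('node:crypto');

const b64url = (str) => Buffer.from(str).toString('base64url');

// Sign a compact HS256 JWT (used here only to construct sample tokens).
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Extract the token from an "Authorization: Bearer <token>" header value.
function bearerToken(headerValue) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]*)$/i.exec(headerValue || '');
  return m ? m[1] : null;
}

// Verify signature and expiry; returns the claims, or null on any failure.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  if (!token) return null;
  const [head, body, sig] = token.split('.');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch { return null; }
  if (header?.alg !== 'HS256') return null; // pin the algorithm; never accept "none"
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSec) return null; // reuse ends at expiry
  return claims;
}

// Constructed sample: issue a token, then validate the header a client would send.
const SECRET = 'constructed-demo-secret';
const sample = signToken({ sub: 'user-1', exp: 2000 }, SECRET);
console.log(verifyToken(bearerToken(`Bearer ${sample}`), SECRET, 1000));
```

The payload of a JWT is only base64url-encoded, so anyone can read it; the security comes from the signature check, which is why a modified payload or a token signed with a different secret is rejected.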

https://jwt.io/introduction/

https://stackoverflow.com/questions/27301557/if-you-can-decode-jwt-how-are-they-secure
