JWT - herougo/SoftwareEngineerKnowledgeRepository GitHub Wiki

JSON Web Tokens

Authentication is the process of verifying that someone is who they claim to be. Authorization is the process of determining what an authenticated user is allowed to do and granting access accordingly. A JWT is typically the artifact produced by authentication and consumed by authorization checks.

Traditional Authentication

JWT Authentication

Advantages of JWT

  • no server-side session storage: the token carries its own claims (user id, roles, expiry), so the server does not need to look up a session record on each request
  • can work across different servers: any server that holds the verification key can validate the token, so no shared session store is needed between services (the key itself must be shared or, with asymmetric signing, only the public key)

JWT components

  • base64url-encoded header (signing algorithm `alg`, token type `typ`)
  • base64url-encoded payload (the claims, e.g. `sub`, `exp`, `iat`)
  • signature: an HMAC (HS256) keyed with the shared secret, or an RSA/ECDSA signature made with the private key, computed over the string `header.payload`

The signature is not encryption. The header and payload are only base64url-encoded, so anyone holding the token can read them; never place secrets in the payload. What the signature provides is integrity and authenticity: a party without the key cannot produce a valid signature for a modified header or payload.

Signature verification: for HS256 the verifier recomputes the HMAC over `header.payload` with the same secret and compares it against the signature segment using a constant-time comparison; for RSA/ECDSA it verifies the signature with the public key. The verifier must pin the algorithm it expects rather than trusting the `alg` value carried in the header, and must still check the claims (notably `exp`) after the signature passes.
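The following is an added example, not code from the original wiki page, implementing the three components above and the verification step for HS256 using only the Python standard library. Function names, the secret key and the sample claims are assumptions chosen for illustration. It shows the base64url encoding (no padding), the HMAC over `header.payload`, constant-time comparison, algorithm pinning so that a token claiming `alg: none` or a different algorithm is rejected, and that the payload is readable without the key.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url_encode(data: bytes) -> str:
    # JWT uses base64url without '=' padding (RFC 7515 section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding that was stripped on encoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    # Header declares the algorithm; compact JSON avoids whitespace in the token
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
    )
    # The signature is an HMAC-SHA256 over the ASCII string "header.payload"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def peek_payload(token: str) -> dict:
    # No key required: the payload is only encoded, not encrypted
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the token is a valid HS256 JWT under `secret`, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: the verifier decides how to verify, not the token.
        # This rejects "alg": "none" and any other algorithm the server did not choose.
        if header.get("alg") != "HS256":
            return None
        signing_input = (header_b64 + "." + payload_b64).encode("ascii")
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(payload_b64))
    except ValueError:
        # Covers malformed base64, bad JSON and a wrong number of segments
        return None


if __name__ == "__main__":
    # Constructed sample: an assumed secret and assumed claims
    secret = b"change-me-this-is-a-demo-secret"
    token = sign_hs256({"sub": "alice", "role": "user"}, secret)
    print(token)
    print(peek_payload(token))
    print(verify_hs256(token, secret))
    print(verify_hs256(token, b"wrong-secret"))
```

In the block, an attacker can re-encode the payload with `role` changed to `admin`, but `verify_hs256` rejects it because the old signature no longer matches; likewise a token with a `none` header and an empty signature is rejected before any comparison is made.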