Bearer authentication (also called token authentication) - mwilkin-401-advanced-javascript/bend-javascript-401d2 GitHub Wiki
Reading-class13-Bearer Authorization
JSON Web Tokens (JWT) are an important piece in establishing trust in your application. A JWT carries claims, such as user data, in a form whose origin and integrity can be verified. The token is composed of three parts: a header, a payload, and a signature. The header is a JSON object that states how the signature was computed (for example `{"alg":"HS256","typ":"JWT"}`). The payload is the JSON data (the claims) stored inside the JWT. To build the signature, the header and the payload are each encoded with base64url and joined with a period; the algorithm named in the header is then applied, with the secret key, to that period-joined string (for HS256 this is an HMAC-SHA256 over the string), and the result is itself base64url-encoded. Once the three components exist, the JWT is simply `header.payload.signature`: the three base64url strings combined with periods (.) separating them.
Below is a simple three-entity example of how the JWT process works:
It is important to understand that the purpose of using JWT is NOT to hide or obscure data in any way: the header and payload are only base64url-encoded, so anyone who holds the token can decode and read them without knowing the key. The reason JWT are used is to prove that the sent data was actually created by an authentic source and has not been altered since, which is exactly what verifying the signature establishes. Two practical consequences: do not put secrets in the payload, and never trust a token's claims until its signature has been verified with the algorithm you expect (a header claiming "alg": "none", or a different algorithm, should be rejected).
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name "Bearer authentication" can be understood as "give access to the bearer of this token": the client sends the token in the Authorization header (`Authorization: Bearer <token>`), and the server grants access to whoever presents it, with no further proof of identity. Because possession alone is enough, bearer tokens must only be sent over HTTPS, must be stored carefully on the client, and should have a short lifetime (the `exp` claim in a JWT).