JWT and Cookies - nuthanc/microservice GitHub Wiki

JWT

  • Payload({userid: 'kadsjf21', favoriteColor: 'red'}) -> JWT Creation Algorithm -> JWT(jlkjasdklfjsdfjlkadsjfklsdajfkldjfkladslkfdsfjlkadsjfkljsdf3)
    • The token is three base64url segments joined by dots: header.payload.signature. The header names the signing algorithm, the payload holds our claims, and the signature is computed by the server over the first two segments with a secret or private key
    • The payload is encoded, not encrypted: anyone holding the token can read the userid and favoriteColor. Never put secrets in it
    • The signature only lets the server detect tampering, and only if the server actually verifies it (and checks the alg and exp claims) before trusting anything in the payload
  • Communication of the JWT from Browser to Server happens in one of 3 ways
    • In the Request Headers' Authorization field (conventionally `Authorization: Bearer <token>`)
    • In the Request Body's token field
    • In the Request Headers' Cookie field (only this is possible during Server Side Rendering: the browser's initial page request is a plain navigation our JavaScript has not run for yet, so the only place a token can ride along is a cookie the browser attaches on its own)
    • Caveat: a JWT sent in a cookie is attached to cross-site requests too, so it needs SameSite/CSRF protection; a JWT kept in localStorage and sent as a header is readable by any script injected via XSS

Difference between Cookies and JWT's

  • Cookie: a transport mechanism vs JWT: an authentication/authorization mechanism (a signed statement of who the user is and what they may do)
  • Cookie: moves any kind of data between browser and server vs JWT: carries whatever claims we choose to put in it
  • Cookie: automatically managed by the Browser vs JWT: we have to manage it manually (store it, attach it to each request, verify it on the server)
  • They are not alternatives: a JWT is frequently transported inside a cookie, which is exactly what we need for Server Side Rendering

Cookies

  • When the server sends a Response to the Browser, it can include one or more Set-Cookie headers, each with a name=value pair and optional attributes
  • The value in Set-Cookie is automatically stored by the Browser
  • When the Browser makes a follow-up request to the same Domain (and matching Path), it includes the cookie automatically in the Request Header's Cookie field. Cookies are scoped by host and path, not by port: a cookie set by localhost:3000 is also sent to localhost:4000
  • The attributes are where the security lives: HttpOnly keeps the cookie away from JavaScript (XSS), Secure restricts it to HTTPS, and SameSite limits when the browser attaches it to cross-site requests (CSRF). Set all three on a cookie that carries a JWT or session

req.session

  • req.session is an object created by the cookie-session middleware
  • Any information we store inside it is serialized (JSON, base64-encoded) and stored inside the cookie itself, not on the server; the server keeps no session state
  • Because the data lives in the cookie, the user can read everything in req.session (it is encoded, not encrypted). With the keys option cookie-session signs the cookie so changes are detected, but it never hides the contents
  • Cookies are limited to about 4 KB, so keep req.session small (e.g. just the JWT) rather than stuffing it with data