Why should you use JWT's?

In this article, we would be learning about JWT’s and why you should use them for authorizations.

JSON web token (JWTpronounced “jot” ) is an open standard (RFC 7519) that defines a compact, self-contained way to securely transmit information between parties as a JSON object.

Let’s break this down

JWT is used for AUTHORIZATION, not AUTHENTICATION.

• In authentication, we take in a username and password and make sure it’s correct (logging in).
• In authorization, we make sure the user who is sending requests to your server is the same user who logged in during authentication. This is usually done using Sessions, where a session ID is sent down to the browser’s cookies and moved ahead to authorize the user.

Session based authentication

In session based authentication, the user logs in from a client (by posting an email and password to a client), and the server does the authentication. If this is correct, the user is stored in the session, and the session is stored on the serverthe server will have a unique ID that corresponds with the location in memory. The ID is then sent back to the browser using a cookie that sends the ID up to the server each time it makes a request.

Token based authentication

Why JWT?

Instead of storing information on the server after authentication, JWT creates a JSON web token and encodes, sterilizes, and adds a signature with a secret key that cannot be tampered with. This key is then sent back to the browser. Each time a request is sent, it verifies and sends the response back.

The main difference here is that the user’s state is not stored on the server, as the state is instead stored inside the token on the client-side.

JWT also allows us to use the same JSON Web Token in multiple servers that you can run without running into problems where one server has a certain session, and the other server doesn’t.

Most modern web applications use JWT for authentication reasons like scalability and mobile device authentication.