What are JWTs (JSON Web Tokens)?
- Pronounced "jot".
- A JWT is a means of transferring information between parties as a JSON object.
It consists of three parts separated by dots (.)
- like xxxx.yyyy.zzzz
A typical JWT looks like this:
The header contains two parts:
- the type of token, which is JWT.
- the hashing algorithm used for the signature.
The payload contains claims, which can be reserved, public, or private.
Signature: to create the signature, we take the encoded header and the encoded payload and sign them.
How does JWT work?
- When a user sends a POST request to the server (like login), a JWT will be returned.
- The server will check for a valid JWT.
- If there is a valid JWT, the user will be allowed to access the protected page!
Why use JWT?
- small in size
- more secure due to the digital signature
- easier to process
- stateless authentication (the user is not saved in server memory)
- reduces need to go back and forth to database for information
Common Use Cases:
- Information exchange