Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

general
community creator

Why should you use JWT's?

Chisom Nwokwu

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

widget

In this article, we would be learning about JWT’s and why you should use them for authorizations.

JSON web token (JWTpronounced “jot” ) is an open standard (RFC 7519) that defines a compact, self-contained way to securely transmit information between parties as a JSON object.

Let’s break this down

JWT is used for AUTHORIZATION, not AUTHENTICATION.

  • In authentication, we take in a username and password and make sure it’s correct (logging in).
  • In authorization, we make sure the user who is sending requests to your server is the same user who logged in during authentication. This is usually done using Sessions, where a session ID is sent down to the browser’s cookies and moved ahead to authorize the user.

Session based authentication

USE OF SESSIONS AND COOKIES
USE OF SESSIONS AND COOKIES

In session based authentication, the user logs in from a client (by posting an email and password to a client), and the server does the authentication. If this is correct, the user is stored in the session, and the session is stored on the serverthe server will have a unique ID that corresponds with the location in memory. The ID is then sent back to the browser using a cookie that sends the ID up to the server each time it makes a request.

Token based authentication

JSON Web Tokens
JSON Web Tokens

Why JWT?

Instead of storing information on the server after authentication, JWT creates a JSON web token and encodes, sterilizes, and adds a signature with a secret key that cannot be tampered with. This key is then sent back to the browser. Each time a request is sent, it verifies and sends the response back.

The main difference here is that the user’s state is not stored on the server, as the state is instead stored inside the token on the client-side.

JWT also allows us to use the same JSON Web Token in multiple servers that you can run without running into problems where one server has a certain session, and the other server doesn’t.

Most modern web applications use JWT for authentication reasons like scalability and mobile device authentication.

RELATED TAGS

general
community creator

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Keep Exploring