JWT: JSON Web Tokens
Explore how JSON Web Tokens (JWTs) enable secure web authentication by allowing servers to verify user identity without accessing credentials databases. Understand token validation, server security, and the advantages and limitations of JWTs in modern web applications.
Updating information in our web application
The algorithm’s name, the JSON object, and the signature together make up the JWT. It’s sent as a cookie to the user, who will resubmit it with every subsequent request. So, suppose the user now wants to update their information in a web application. They submit the regular API request for that update together with the JWT authentication token in a cookie.
The server looks at the token and checks if it’s still valid. This requires verifying the signature by rehashing the data with the same secret as before, and double-checking that the token has not yet expired.
- Only if the token is valid does the server perform the requested action.
- If the token is invalid, this must also be handled gracefully,
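
The validation step described above, written out as an added example (it is not code from the original lesson). It assumes the token is signed with HS256 (HMAC-SHA256), that expiry is carried in an `exp` claim in seconds since the epoch, and that the secret is a constructed demo value; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: the server-side signing key

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: bytes) -> str:
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return b64url_encode(mac)

def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build header.payload.signature (used here to create sample tokens)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload, secret)}"

def validate_token(token, secret: bytes = SECRET, now=None):
    """Return (claims, None) if valid, else (None, reason). Never raises."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # The algorithm is fixed by the server, not chosen by the token.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None, "unsupported algorithm"
        # Recompute the signature with the same secret; compare in constant time.
        expected = sign(f"{header_b64}.{payload_b64}", secret)
        if not hmac.compare_digest(expected.encode(), sig_b64.encode()):
            return None, "bad signature"
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None, "malformed token"
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or now >= exp:
        return None, "expired or missing exp"
    return claims, None
```

Because `validate_token` returns a reason instead of raising, the request handler can map every failure to the same 401 response and log the reason server-side.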