
Token Based Authentication

Explore the principles of token-based authentication, focusing on how encrypted tokens stored client-side enhance security and scalability. Understand the roles of access and refresh tokens in managing user sessions and authorizations without storing data on the server.

In the previous lesson, we saw that session-based authentication stores the user information on the server, which leads to performance and scalability issues. But what if we don't want to save the user information on our server? We can't keep it in cookies either: cookies have a size limit, and storing user information in them is not safe.

We have an alternative to cookies, and that alternative is tokens. A token can store all the user information in an encrypted format, and the token itself can be stored on the client side.
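The following added example (not code from this lesson) shows how a server can issue a client-held token and later validate it without keeping any per-user state. It assumes an HMAC-SHA256 integrity tag in place of encryption, so the payload is tamper-evident but readable by the client; the key, function names, and claim names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Assumption: a server-side secret; constructed value for this demo only.
SERVER_KEY = b"constructed-demo-key"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(payload):
    return _b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())

def issue_token(user, role, ttl, now=None):
    """Pack the user's claims and an expiry into a token the client keeps."""
    now = time.time() if now is None else now
    claims = {"sub": user, "role": role, "exp": int(now) + ttl}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _tag(payload)

def verify_token(token, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload, tag = token.split(".")
        # Constant-time comparison; check the tag before parsing the payload.
        if not hmac.compare_digest(tag, _tag(payload)):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    return claims if claims["exp"] > now else None

def tamper_role(token, role):
    """Edit the payload but keep the original tag (used to show rejection)."""
    payload, tag = token.split(".")
    claims = json.loads(_unb64(payload))
    claims["role"] = role
    return _b64(json.dumps(claims).encode()) + "." + tag

if __name__ == "__main__":
    token = issue_token("alice", "user", ttl=900)
    print(verify_token(token))                        # claims accepted
    print(verify_token(tamper_role(token, "admin")))  # None: tag mismatch
```

Because the server recomputes the tag from its own key on every request, it needs no session table, and any client-side change to the claims invalidates the token.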

Here is the basic flow of token-based authentication:

  1. The client sends a request to the server with a username/password.
  2. The
...