JWT stands for Json Web Token. It is the most popular user authorization technique for web applications nowadays, mostly micro web services and it is used to share security information between two sides like a client and a server or a server and a server.It can be used as an authentication mechanism that does not need a database.
There are two authentication system we can follow,
- Session token
- JWT token
JWT Token: Modern and largest web application has multiple servers. Then multiple servers are maintained by load balancers and also shared redis sessions in the database.
But if the shared redis session is crashed or down, then the service will be stopped.
So JWT comes to solve this problem.
The user sends a request to the server,then the server sends the jwt token to the user. Inside this jwt token, the server includes header, payload and signature.
Inside the header, the server is written in which algorithm is used in this jwt token.
Payload is the user information and signature is the secret key.
By the secret key, the server ensures that this is the right user.
In this case, the server does not keep any data from the user. All the data will be sent from the server to the user and the user keeps this jwt token in browser cookies or others.
Top comments (0)