Tejaswini

Demystifying Java Script Web Token (JWT)

Ever wondered how authentication happens when you log in to a website and get all the details that are visible only to you? It happens through authentication by various methods. While I was learning how to design a login and signup page for one of my projects, I thought it would be useful to learn what JWT is and then use it in the project. So here is my take on it.

There are two ways:

  • Using Session ID
  • Using JWT 

Before discussing JWT authentication, let us understand sessions and why they are not always preferred.
Whenever a client sends a request to the server to fetch a response, the server sends the session ID to the browser in the form of a cookie. Then, whenever we request user details from the server, the browser sends the session ID and the response is sent back to the browser.

Now if we want to use the same credentials to log in to a different server, we don't have the same session ID. This is where JWT comes to our rescue.

Java Script Web Token:

Whenever a user logs in to his/her account, the browser sends a request to the server along with a secret key using JWT, and the server sends back an encoded token which the browser can use for authentication.
Now, whenever the browser sends the token, the server decodes it into three parts:

  1. Header
  2. Payload
  3. Signature

Let us discuss them briefly. The header contains details of the algorithm used for encoding and decoding, and the type of token.

The payload is where we store details of the user, like id and name. It also contains `iat`, which is the issued-at time.

The signature is where the header and payload are combined and hashed, using the algorithm in the header section and the secret key. The result is verified against the last part of the token, that is, the part after the last period. This verifies whether the user's token has been changed.

We can pass this token through middleware in various endpoints to fetch the user's data. You can also define an expiry time limit, after which tokens expire.
Auth0 API is available for Node.js, Java, Swift, etc.

JWT is open source and has good documentation. You can refer to the link below for more details (Node.js).

https://github.com/auth0

Resources:

Images are collected from the internet.
