Introduction to JSON Web Tokens (JWT) and OAuth2
The earlier style of authentication is plain username/password with server-side sessions. Its limitation is that the server has to manage those sessions by storing them in program memory or in a store such as Redis or SQLite3. Modern REST APIs implement token-based authentication instead. Here, a token is any string generated by the server, and the client gains access to resources by presenting that token. The token is computed in such a way that only the client and the server know how to encode and decode it. JWT addresses this problem by giving us a standard way to create tokens that we can pass around.
Whenever a client passes its authentication details to the server, the server generates a token and passes it back to the client. The client saves that token in some kind of storage, such as a database or local storage (in the case of a browser). The client then uses that token to ask for resources from any API defined by the server:
The steps can be summarized more briefly as follows:
- The client passes...