Understanding JSON Web Tokens
We have implemented a RESTful API that serves the data displayed in our Aurelia web app. This API has no security mechanism at all, so any malicious user who discovers the endpoint URLs can call them directly and damage our application's data. For that reason, we should reject any management operation performed by an unauthenticated or unauthorized user.
Our app should implement a mechanism to manage users' access and privileges. There are many ways to implement authentication and authorization. For our application, we will use an open industry standard called JSON Web Token (JWT).
JWT
JWTs are an open industry standard, RFC 7519 (https://tools.ietf.org/html/rfc7519.html), for representing claims securely between two parties. The way we use them is simple. First, we authenticate to the backend server by providing a username and password. If our credentials are correct, the backend server will generate a token that will contain the...