25 November 2021
What is JWT authentication?
JSON Web Token (JWT) is an authentication mechanism: a compact token that carries a set of claims between server and client so the two can exchange information about the authenticated user.
JWT Flowchart
Why is JWT authentication needed?
There are mainly two ways in which a server can identify a client and process its requests.
Session Id
The session id is stored on the server side, so whenever the client makes a request the server looks up the session id and then processes the request.
Problem with session id:
A modern web application can run on multiple servers. The session id is stored only on the server that created it, so if the client's next request lands on a different server, that server cannot identify the client.
How does JWT solve this problem?
In JWT authentication, the session is not stored on the server side.
- The user passes credentials (email id, password) to the server.
- The server checks in the database whether this user is present.
- If the user is present, the server creates a signed token from a header and a payload.
- The header specifies which algorithm is used to protect the token (SHA-256).
- The payload is the user's data, such as an email address.
- The server encrypts it using a secret key.
- The server sends this token to the client, and the client has to send it with every request.
- The server receives the request and verifies the token by decrypting it.
- This works because only the server holds the secret key used for encryption and decryption.
What is the JWT structure?
A JWT consists of three parts separated by dots (.):
- Header
- Payload
- Signature
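The token flow from the list above and the three-part structure just described, as an added example that is not code from the original post. It builds an HS256 token from a header and payload, splits a token into its three dot-separated parts, and verifies it on the server. For HS256 the step the post calls encrypting with the secret key is an HMAC-SHA256 signature over the header and payload, so verification means recomputing that signature, not decrypting anything. The secret key, the email address and the expiry values are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secret for this example; a real server loads it from secure configuration.
SECRET_KEY = b"example-secret-do-not-use"


def b64url_encode(data: bytes) -> str:
    """JWT parts use base64url without '=' padding (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding that b64url_encode stripped, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_token(payload: dict, secret: bytes = SECRET_KEY) -> str:
    """Server side: header.payload are encoded, then signed with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    header_part = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_part = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_part}.{payload_part}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_part}.{payload_part}.{b64url_encode(signature)}"


def split_token(token: str) -> list:
    """Return [header, payload, signature]; a JWT has exactly three parts."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three dot-separated parts")
    return parts


def verify_token(token: str, secret: bytes = SECRET_KEY, now: float = None) -> dict:
    """Server side: recompute the signature and compare; return the payload if valid."""
    header_part, payload_part, signature_part = split_token(token)
    header = json.loads(b64url_decode(header_part))
    # Pin the algorithm the server expects instead of trusting the token's header.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")
    signing_input = f"{header_part}.{payload_part}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so a tampered token cannot be distinguished by timing.
    if not hmac.compare_digest(expected, b64url_decode(signature_part)):
        raise ValueError("signature does not match")
    payload = json.loads(b64url_decode(payload_part))
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    return payload


def is_valid(token: str, secret: bytes = SECRET_KEY, now: float = None) -> bool:
    """Convenience wrapper: True if verify_token accepts the token, else False."""
    try:
        verify_token(token, secret, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed user data: the email goes in the payload, exp is a Unix timestamp.
    token = create_token({"email": "alice@example.com", "exp": 2000000000})
    print("token:", token)
    print("parts:", split_token(token))
    print("payload:", verify_token(token, now=1000))
```

Any server that shares SECRET_KEY can verify a token created by any other server, which is how this removes the per-server session store. Because the payload is only base64url encoded, not encrypted, anyone holding the token can read the email inside it; the signature prevents modification, not disclosure.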