Deletions are marked like this. | Additions are marked like this.
Line 1: | Line 1:
= jwt = | = jwt (JSON Web Token) =
Line 3: | Line 3:
 | * https://tools.ietf.org/html/rfc7519
 | * https://en.wikipedia.org/wiki/JSON_Web_Token
 | * https://jwt.io/
 | * https://www.devglan.com/spring-security/spring-boot-jwt-auth
 | * https://www.baeldung.com/spring-security-oauth-jwt
Line 4: | Line 9:
* https://en.wikipedia.org/wiki/JSON_Web_Token |
{{{ | == Overview ==
Line 8: | Line 12:
The tokens are designed to be compact,[2] URL-safe,[3] and usable especially in a web-browser single-sign-on (SSO) context. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes. | The tokens are designed to be compact,[2] URL-safe,[3] and usable especially in a '''web-browser single-sign-on (SSO) context'''. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.
Line 10: | Line 14:
This is a stateless authentication mechanism as the user state is never saved in server memory. The server's protected routes will check for a valid JWT in the Authorization header, and if it is present, the user will be allowed to access protected resources. As JWTs are self-contained, all the necessary information is there, reducing the need to query the database multiple times. }}} | This is a stateless authentication mechanism as the user state is never saved in server memory. The server's protected routes will check for a valid JWT in the '''Authorization header''', and if it is present, the user will be allowed to access protected resources. As JWTs are self-contained, all the necessary information is there, reducing the need to query the database multiple times.
jwt (JSON Web Token)

Overview
In authentication, when the user successfully logs in using their credentials, a JSON Web Token will be returned and must be saved locally (typically in local or session storage, but cookies can also be used), instead of the traditional approach of creating a session in the server and returning a cookie.
The tokens are designed to be compact,[2] URL-safe,[3] and usable especially in a web-browser single-sign-on (SSO) context. JWT claims can typically be used to pass the identity of authenticated users between an identity provider and a service provider, or to carry any other type of claim required by business processes.
This is a stateless authentication mechanism as the user state is never saved in server memory. The server's protected routes will check for a valid JWT in the Authorization header, and if it is present, the user will be allowed to access protected resources. As JWTs are self-contained, all the necessary information is there, reducing the need to query the database multiple times.
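As an added illustration of the flow described above (example code written for this page, not from the wiki or any of the linked projects), here is a minimal HS256 issue/verify pair using only the Python standard library: the login step mints the token, and a protected route pulls it from the Authorization header and checks the signature and expiry. The key, claims and timestamps are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key; a real deployment loads a random key from a secret store.
SECRET = b"example-hmac-key-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims: dict, key: bytes, ttl: int = 900, now: Optional[int] = None) -> str:
    """Issued at login: compact HS256 JWT, header.payload.signature, each part base64url."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(dict(claims, iat=now, exp=now + ttl), separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_token(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if signature and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        # The server pins the algorithm; it never lets the token's own alg field choose one.
        if json.loads(b64url_decode(h)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        claims = json.loads(b64url_decode(p))
        if "exp" not in claims or now >= int(claims["exp"]):
            return None
        return claims
    except (ValueError, TypeError, AttributeError):
        return None

def claims_from_authorization(header_value: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """What a protected route does: take the bearer token from the Authorization header and verify it."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return verify_token(token.strip(), key, now)
```

Because the server keeps no session, every request repeats this check; the expiry claim is what bounds how long a stolen token stays useful.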