What is JWT and Why should we use JWT


MEAN Stack 01-10-2021 Saheb Sutradhar

What is JWT? and Why should we use JWT?

JWT stands for JSON Web Token. In the flow described in this article, the JWT is used for authorization (proving who is behind each request), not for authentication (checking the credentials themselves).

What is Authentication?

Authentication is the step where we take the username and password from the user and check that both are correct. That checking process is what we call authentication.

What is Authorization?

Authorization, as used in this article, means checking that the user who sends an HTTP request to the server is the same user that logged in during the authentication process, so the server knows on whose behalf it is processing the request.

Using Session

The way it normally happens: the user sends the username and password to the server to log in. The server checks the credentials and, if they are correct, stores the user data in a session in its database and sends the session ID to the browser as a cookie. When the user later sends a request with the session cookie, the server looks up the session, gets the user from it, and sends the response back to the browser or client.

Using JWT

In the case of JWT (JSON Web Token), the user again sends the username and password to the server to log in. The server checks the credentials and, if they are correct, creates a JSON Web Token from the user data and a server-side secret and sends it back to the client. When the user sends a request with the JSON Web Token, the server simply verifies whether the token is valid; if it is, the server reads the user from the token, processes the request, and sends the response to the client.

If someone changes or modifies any data in the token, the server will treat it as invalid, because the signature was computed with the server's secret when the token was created and no longer matches the modified contents.

In the case of sessions we store the session information in the server's database, but in the case of JWT we do not store anything in the server database; the token itself carries the user information.

 

Screenshot collected from: https://jwt.io/

On the left hand side of the jwt.io debugger

We have the token, and the token has 3 parts separated by dots:

  • eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 - the first part (shown in red) is the header.
  • eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ - the second part is the payload.
  • SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c - the third part is the signature.

On the right hand side

Header section: this section contains the metadata of the token, which algorithm was used to sign it (here HS256) and the type of the token (JWT).

Payload section: this section contains the user information (the claims) that we set in the token payload while creating the token. Note that it is only base64url-encoded, not encrypted, so anyone holding the token can read it; do not put secrets such as passwords in the payload.

Verify Signature: this section shows how the signature is computed. The token is tamper-evident because the signature is

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
your-256-bit-secret )

The header and the payload are base64url-encoded and joined with a dot, and that string is then hashed with HMAC-SHA256 using the secret as the key. The secret itself is never placed in the token. If you change the payload on the client and send the request to the server, the server recomputes the HMAC over the modified header and payload with its secret, the result no longer matches the signature in the token, and the token is treated as invalid. Without the secret, an attacker cannot produce a matching signature for a modified payload.

 

Why should we use JWT ? 

Example: the requirement is that if the user has authenticated on Server 1, they should not need to authenticate again to access Server 2.

 

Using Session:

Since both servers have their own database, when the user authenticates on Server 1 the session is stored in the database of Server 1. The cookie the user received from Server 1 will not work on Server 2, because the session is not stored in the database of Server 2. So with this approach we cannot fulfil the above requirement without sharing the session store between the servers.

Using JWT:

Once the user authenticates on Server 1, Server 1 does not store anything in its database; it sends the user a JSON Web Token that itself contains the user information and is protected by the secret. The user can then use the same JSON Web Token to access Server 2. When the user sends a request with that token to Server 2, Server 2 verifies whether the token is valid; if it is, Server 2 reads the user information from the token, considers the user authorized, processes the request, and sends the response to the client.

Note: with HS256 both servers must have the same secret key. (With an asymmetric algorithm such as RS256, only Server 1 needs the private signing key and Server 2 needs just the public key to verify.)

 

For this kind of scenario JWT is very helpful. Keep in mind the trade-off: because the server stores nothing, a token cannot be revoked before it expires, so always set a short expiry (the exp claim) on the tokens you issue.


I hope this article is helpful for you; I am very glad to help you. Thanks for reading.
