Explain JSON Web Token (JWT).

JWT
JWT stands for JSON Web Token. It is one of the most widely used techniques for authenticating and authorizing users in web applications today, especially in microservice architectures.

What we learn in this blog:

  • What is JWT?
  • Why do we need it?
  • How does JWT work?

-What is JWT?
JSON Web Token (JWT) is a compact, signed token format used to share security information (called claims) between two parties, such as a client and a server or two servers. Because the receiver can check the signature on its own, it can be used as an authentication mechanism that does not need a session database. Note that a plain signed JWT is only base64url-encoded, not encrypted: anyone who holds the token can read the payload, so it must not carry secrets.

-Why do we need it?
We send and receive data between client and server, or between two servers, over the HTTP protocol. HTTP is a stateless protocol: it does not remember anything from the user side, such as a user name or password, from one request to the next.

With a static website the user only sends the URL of the page, so this stateless behaviour is no problem.

With a dynamic website the user sends not only the URL but also their identity, and now the stateless behaviour is a problem: when the user requests another page, how does the server know whether that user has the right to access it?

The answer is a token. The user should not have to send their credentials (user name and password) with every request; instead they prove who they are once and receive a token that stands in for those credentials afterwards.

There are two authentication systems we can follow:

  • Session token
  • JWT token

Session token:

The user sends a login request to the server with their credentials. The server generates a session id for that user, saves it in the server's session store and also sends it back to the user. The user saves the session id in a browser cookie or elsewhere.

When the user makes another request, the cookie carries the session id with it, and the server looks that session id up in its session store.
If the session id is found, the server serves the user.

The problem is that modern, large web applications run on multiple servers behind a load balancer. For a session to work on whichever server happens to receive the request, all the servers have to share one session store, typically Redis or a database.

That shared session store becomes a single point of failure and an extra lookup on every request: if it crashes or goes down, no server can validate any session, and the service stops.

So JWT comes to solve this problem.

-How does JWT work?

The user sends a login request to the server, and the server sends back a JWT. The token has three parts: header, payload and signature.
The header states which algorithm was used to sign this token (for example HS256).
The payload holds the claims about the user (such as the user id and an expiry time). The signature is computed over the header and payload with the server's secret key (or, for RS256/ES256, its private key); the key itself is never part of the token.
By recomputing the signature with its key and comparing it to the one in the token, the server ensures that it issued this token and that nobody has modified it. It should also check the expiry claim and reject tokens whose header names an algorithm it did not expect.

In this case, the server does not keep any session data about the user. All the data is sent from the server to the user, who keeps the JWT in a browser cookie or elsewhere and sends it back with every request, typically in the Authorization header.
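To make the contrast between the two approaches concrete, here is an added example in Python (not code from the original post) that implements both: a session store that the server must keep, and a hand-rolled HS256 JWT that the server verifies with nothing but its secret key. It uses only the standard library. The in-memory dict standing in for Redis, the secret value and the user names are assumptions of the example, and the session store is wiped on purpose to show what happens when the shared store goes away.

```python
# Added example, not from the original post. Standard library only.
import base64
import hashlib
import hmac
import json
import secrets
import time

# --- 1. Session token: the server keeps state --------------------------------
# Stand-in for the shared Redis/database session store (assumption: in-memory dict).
SESSION_STORE = {}

def create_session(username):
    """Login succeeded: issue an unguessable session id and remember its owner."""
    sid = secrets.token_urlsafe(32)
    SESSION_STORE[sid] = {"sub": username, "created": time.time()}
    return sid

def lookup_session(sid):
    """Every later request costs a store lookup; if the store is gone, so is the login."""
    entry = SESSION_STORE.get(sid)
    return entry["sub"] if entry else None

# --- 2. JWT: the server keeps only a secret key ------------------------------
def _b64url(data):
    """base64url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json_bytes(obj):
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")

def jwt_encode(claims, secret):
    """Build header.payload.signature, signed with HMAC-SHA256 (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(_json_bytes(header)) + "." + _b64url(_json_bytes(claims))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def jwt_decode(token, secret, now=None):
    """Return the claims if the token is valid, else None.

    Valid means: three parts, the algorithm we expect (pinned here, never
    trusted from the header alone), a signature that matches under our secret,
    and an 'exp' claim that has not passed.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
        signature = _b64url_decode(s_b64)
    except ValueError:            # bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):   # constant-time compare
        return None
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        return None
    return claims

def tamper(token, new_claims):
    """What an attacker can do: swap the payload. They cannot re-sign it."""
    h_b64, _, s_b64 = token.split(".")
    return h_b64 + "." + _b64url(_json_bytes(new_claims)) + "." + s_b64

if __name__ == "__main__":
    sid = create_session("alice")
    print("session ok:", lookup_session(sid))
    SESSION_STORE.clear()                         # the shared store goes down
    print("session after store loss:", lookup_session(sid))

    secret = b"server-side-secret-key"            # assumption: example value
    token = jwt_encode({"sub": "alice", "exp": int(time.time()) + 3600}, secret)
    print("token:", token)
    print("valid:", jwt_decode(token, secret))
    print("tampered:", jwt_decode(tamper(token, {"sub": "admin"}), secret))
    print("wrong key:", jwt_decode(token, b"other-key"))
```

Run it as a script to see the session disappear when the store is cleared while the JWT is still verifiable from the key alone. The algorithm pin, the constant-time comparison and the expiry check are the three things a verifier must not skip; the example rejects a token when any of them fails.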
