In this post, I will explain about JSON web tokens and how it can be used in the authentication.

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

JSON Web Tokens can be used to authorize and exchange information between parties.

JSON Web Tokens in the authorization

The most common scenario of using JWT. When the user is logged in using his username and password he gets a JSON web token which allows accessing routes, services, and resources that are permitted with that token. This is widely used because of its small overhead and its ability to be easily used across different domains.

JSON Web Tokens in exchange information

JSON Web Tokens are a good way of securely transmitting information between parties. Because JWTs can be signed — for example, using public/private key pairs — authenticity can be achieved. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn’t been tampered with.

#security #software-development #java #jwt #authentication