JSON web tokens (JWT) are a fast and easy way to add authentication and authorization to any web service.

Although they sound similar, authentication and authorization are two fundamentally different things.

Authentication is the process of confirming that a user is who they claim to be. Usernames and passwords, face ID, and single-use passcodes are all examples of authentication.

Authorization, on the other hand, limits the scope of what a user is allowed to do. Granting additional access to an administrator, compared to a regular user, would be an example of authorization.

Say you log in to Medium using your username and password. If successful, Medium has authenticated that you are who you claim to be. You might then go and change your profile settings; since this is your own account, you are authorized to do this.

What is a JWT?

A JSON web token, or JWT for short, is a compact method for representing claims securely. Essentially, it is a way to exchange information between two parties in a form that is digitally signed, so the receiving party can check that the claims have not been altered.

A JWT is made up of three parts: a header, a payload, and a signature, which is what the receiving party verifies.


Authentication Simplified with JSON Web Tokens (JWTs)