Token-based authentication
Avoid malicious attacks, stop user phishing, eradicate threats. Mobile ready.
The general concept behind a token-based authentication system is simple: users present their username and password once to obtain a token, and from then on they present the token, rather than their credentials, to fetch a specific resource. The token grants access to that resource for a limited period, and the client offers it to the remote site on each request.
JSON Web Token (JWT), defined in RFC 7519, is the industry-standard method for representing claims securely between two parties.
RFC 7519, JSON Web Token (JWT), M. Jones (Microsoft) et al., IETF Standards Track: tools.ietf.org
JSON Web Tokens (JWT):
If you encounter a token in the wild, it looks like one long string of letters, digits, hyphens and underscores with two dots in it.
The string is base64url-encoded (the URL-safe Base64 alphabet, with the padding stripped), not encrypted. If you split it at the dots you find three separate sections:
What you see is a header that describes the token (most importantly the signing algorithm, alg), a payload that contains the juicy bits (the claims, such as the subject and expiry), and a signature computed over the first two sections. With HS256 the signature is an HMAC, so verifying it requires the same shared secret that produced it; with RS256 or ES256 it is a digital signature that anyone holding the issuer's public key can check. Because the header and payload are only encoded, anyone who gets hold of the token can read them: the signature protects integrity, not confidentiality.
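To make the three sections concrete, here is an added example, not code from the original post, that builds an HS256 token with nothing but the Python standard library, splits it into header, payload and signature without any key, verifies it properly, and shows what happens when a client edits the payload without knowing the secret. The secret, claims and timestamps are constructed for the demonstration.

```python
"""Build, dissect, and verify an HS256 JSON Web Token with only the standard library."""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed demo values, not from any real deployment.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"
DEMO_CLAIMS = {"sub": "alice", "scope": "read:reports", "exp": 2_000_000_000}


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the padding JWS strips, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def create_jwt(claims: Dict, secret: bytes) -> str:
    """Produce header.payload.signature, signed with HMAC-SHA256 over the first two sections."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    tag = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)


def split_jwt(token: str) -> Tuple[Dict, Dict, bytes]:
    """Decode the three sections. Needs no key: header and payload are only encoded."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWS compact serialization has exactly three sections")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2])


def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Dict:
    """Return the claims only if the algorithm, signature and expiry all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm: the header is attacker-controlled until the signature is checked.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(parts[1]))
    current = int(time.time()) if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def swap_payload(token: str, new_claims: Dict) -> str:
    """Replace the payload but keep the old signature: what a tampering client would try."""
    header_seg, _, sig_seg = token.split(".")
    payload_seg = b64url_encode(json.dumps(new_claims, separators=(",", ":")).encode("utf-8"))
    return ".".join((header_seg, payload_seg, sig_seg))


if __name__ == "__main__":
    token = create_jwt(DEMO_CLAIMS, DEMO_SECRET)
    print("token:", token)
    header, payload, signature = split_jwt(token)
    print("header :", header)  # readable by anyone, no secret needed
    print("payload:", payload)
    print("sig    :", signature.hex(), "(%d bytes)" % len(signature))
    print("verified:", verify_jwt(token, DEMO_SECRET, now=1_700_000_000))
    forged = swap_payload(token, dict(DEMO_CLAIMS, scope="admin"))
    try:
        verify_jwt(forged, DEMO_SECRET, now=1_700_000_000)
    except ValueError as err:
        print("forged token rejected:", err)
```

Two points in `verify_jwt` matter more than the HMAC itself: the algorithm is pinned to what the server expects rather than read from the token, since the header is untrusted input until the signature has been checked, and the comparison uses `hmac.compare_digest`. The `swap_payload` call shows why decoding is not verifying: the edited token still splits into three readable sections, but the signature no longer matches.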