Token-based authentication

Avoid malicious attacks, stop user phishing, eradicate threats. Mobile ready.

The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource — without using their username and password. Once their token has been obtained, the user can offer the token — which offers access to a specific resource for a time period — to the remote site.

JWT is the industry-standard RFC 7519 method for representing claims securely between two parties.

JSON Web Tokens (JWT):

If you encounter a token in the wild, it looks like this:


This is a Base64-encoded string. If you break it apart, you'll actually find three separate sections:


What you see is a header which describes the token, a payload which contains the juicy bits, and a signature hash that can be used to verify the integrity of the token (if you have the secret key that was used to sign it).