How JSON Web Tokens Work

Java Brains
Published in The Startup
8 min read · Jul 27, 2020


JSON Web Tokens (JWTs) are a very popular way to do user authorization in web apps today. JWT has also become very popular in the context of microservices and other recent developments in the way we build web applications.

Let’s set aside all the jargon and the libraries for a bit. In this article, you’ll understand what JWT is and how the technology behind it works, specifically in the context of securing web applications.

Although JWT is commonly used for managing authorization, the idea behind JWT is actually something else: exchanging information! There’s an open industry standard specification, RFC 7519, that outlines how a JWT should be structured and how to use it for exchanging information, or claims as it’s usually called. But since JWT is so widely used for authorization, let’s focus our attention in this article on just that.

The need for authorization

So, you want to do authorization for your web application? What are your options? In addition to JWT, there are a bunch more options, including session IDs. All these authorization mechanisms have one thing to blame — HTTP. HTTP is a stateless protocol. That means every HTTP interaction needs to contain all the information needed for that interaction. Nothing is remembered from before. No state is maintained over multiple…
