What is JWT?
Introduction to JWT
What is JWT?
JWT stands for JSON Web Token. It is an open standard used to share security information between two parties.
A JWT contains 3 parts:
Header: describes the algorithm used in the JWT, like HS256, HS512, RS256, etc.
Payload: stores the actual data.
Signature: a signature over the data, used to verify whether the data is valid or not.
Together, these 3 parts form a token that a client and a server can use to verify each other. A valid JWT has 3 parts separated by dots. For example:
JWT Use Case
JWT is commonly used for API authentication. We can store the User ID in the JWT, and the client can use that token to talk to the server. The server decodes the JWT, reads the User ID from it, and verifies the client's identity.
When Not to Use JWT?
If you have sensitive data, JWT might not be a good solution for you. When using JWT, we need to store the token on the client side, and the payload is only encoded, not encrypted. Anyone who holds the token can read the payload with a JWT decoder like jwt.io. So, don’t use JWT if you have sensitive data.
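The three-part structure and the readable payload described above, shown as an added example that is not code from the original post. It uses only the Python standard library; the key, the `user_id` field and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

DEMO_KEY = b"constructed-demo-key"  # constructed sample secret, kept server-side

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(payload: dict, key: bytes) -> str:
    """Build header.payload.signature using HS256 (HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    mac = hmac.new(key, ".".join(parts).encode("ascii"), hashlib.sha256)
    return ".".join(parts + [b64url_encode(mac.digest())])

def read_payload_without_key(token: str) -> dict:
    """What any holder of the token can do: the payload is only encoded."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_token(token: str, key: bytes) -> Optional[dict]:
    """Return the payload if the signature is valid, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Accept only the algorithm this server issues.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        signed = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None

if __name__ == "__main__":
    token = issue_token({"user_id": 1001}, DEMO_KEY)
    print(token)                            # three dot-separated parts
    print(read_payload_without_key(token))  # readable without the key
    print(verify_token(token, DEMO_KEY))    # trusted only after the check
```

The payload can be read without the key, but a payload that was changed after signing fails `verify_token`, so the server should take the User ID only from a verified token.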
The size is too large
Avoid using JWT if your data is large, because it might affect your frontend application. A cookie might not have enough space to store a large amount of data, since cookies have a size limitation. It will also affect API performance, as the HTTP request needs to transmit large data to your server.