What is JWT?
JWT stands for JSON Web Token. It is an open standard (RFC 7519) for passing claims between two parties in a compact, signed form.
A JWT has 3 parts:
Header
Describes the signing algorithm, e.g. HS256, HS512 or RS256, so the verifier knows how to check the signature
Payload
Stores the claims (the actual data), e.g. the user ID, when the token was issued and when it expires
Signature
A signature computed over the header and payload, so the server can check that the token was issued with its key and has not been modified
These 3 parts, each base64url-encoded and joined with dots, form the token that the client presents and the server verifies. A valid JWT therefore has exactly 3 dot-separated parts. For example:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
JWT Use Case
JWT is commonly used for API authentication. The server puts the user ID in the payload, signs the token and hands it to the client, which sends it back with every request. The server then verifies the signature and expiry, reads the user ID from the payload and treats the request as coming from that user. The order matters: until the signature checks out, the payload is just client-controlled input and must not be trusted.
When Not to Use JWT?
Sensitive data
If you have sensitive data, JWT is not a good fit. The token has to be stored on the client side, and its payload is only base64url-encoded, not encrypted, so anyone who holds the token can read the payload with a decoder such as jwt.io. The signature prevents tampering, not reading. So, don't put sensitive data in a JWT payload.
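The following is an added example, not code from the original post, showing both points above in working Python using only the standard library: the server issues an HS256 token carrying a user ID, verifies it with a pinned algorithm and a constant-time signature check, and rejects tampered, algorithm-swapped and expired tokens; read_payload_unverified shows what a decoder such as jwt.io sees with no key at all. The secret, user ID and timestamps are constructed demo values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret (an assumption for this example); load real keys from a secret store.
SECRET = b"demo-secret-do-not-use-in-production"
DEMO_NOW = 1_700_000_000  # fixed "current time" so the example is reproducible

# The sample token shown earlier on the page (header HS256, payload sub/name/iat).
SAMPLE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
                "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
                "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Re-add the padding the encoder stripped, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def create_token(user_id: str, secret: bytes, ttl_seconds: int = 3600, now=None) -> str:
    """Server side: issue an HS256 token carrying the user ID plus iat/exp claims."""
    now = int(time.time()) if now is None else now
    signing_input = (_json_segment({"alg": "HS256", "typ": "JWT"}) + "." +
                     _json_segment({"sub": user_id, "iat": now, "exp": now + ttl_seconds}))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def read_payload_unverified(token: str) -> dict:
    """What jwt.io, or anyone who captures the token, can read: no key needed."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_token(token: str, secret: bytes, now=None) -> dict:
    """Return the payload only if signature and expiry check out; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly 3 dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm on the server; the token's own header must never choose it,
    # otherwise "alg": "none" or an algorithm swap bypasses the check.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak via timing.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    # Require an expiry; a token without one would be valid forever.
    if now >= payload.get("exp", 0):
        raise ValueError("token expired or has no exp claim")
    return payload


def forge(token: str, new_payload: dict, alg: str = "HS256") -> str:
    """Attacker's view: rewrite header/payload, keep the old signature (or none for alg=none)."""
    _, _, sig_b64 = token.split(".")
    header_b64 = _json_segment({"alg": alg, "typ": "JWT"})
    return header_b64 + "." + _json_segment(new_payload) + "." + ("" if alg == "none" else sig_b64)


def is_accepted(token: str, secret: bytes, now=None) -> bool:
    try:
        verify_token(token, secret, now=now)
        return True
    except ValueError:
        return False


def demo_token() -> str:
    return create_token("1234567890", SECRET, now=DEMO_NOW)


if __name__ == "__main__":
    t = demo_token()
    print("payload readable without the key:", read_payload_unverified(t))
    print("genuine token accepted:", is_accepted(t, SECRET, now=DEMO_NOW))
    print("sub changed, old signature kept:", is_accepted(forge(t, {"sub": "admin"}), SECRET, now=DEMO_NOW))
    print("alg=none:", is_accepted(forge(t, {"sub": "admin"}, alg="none"), SECRET, now=DEMO_NOW))
    print("after expiry:", is_accepted(t, SECRET, now=DEMO_NOW + 3600))
```

Two design choices are worth keeping when you swap in a real library: the accepted algorithm is hard-coded on the server rather than read from the token, and the signature is compared with hmac.compare_digest rather than ==. Everything in the payload remains readable to whoever holds the token, which is why the user ID belongs there and a password or personal record does not.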
The payload is too large
Avoid JWT if the payload is large, because it affects your frontend application. A cookie may not have room for a large token, since browsers cap cookie size (about 4 KB per cookie). It also hurts API performance, because the whole token travels with every HTTP request to your server.
solid stuff Ray