JWT Token
Procedure ->
- When a client sends a request to the server for the first time, it has to authenticate.
- It sends its username and password to the server to be authenticated.
- The server uses this information to generate a token -> the JWT token (access token), which has an expiry time defined.
- This token is then sent back to the client (browser) as part of the response payload.
- Now that the client has the token, it sends it in the header of every subsequent request to the server:
    headers: {
      authorization: 'Bearer <jwt_token>'
    }
- This token lets the server know that the client has been authenticated and can access the data.
- The server checks the token's signature with the public key it holds (the JWT verify method) and, if it is valid, allows the client to access the data.
- The required response is sent back to the user.
What is the possible problem with a JWT token?
Ans. Security breach -> if the token is stored in session/local storage it can easily be read out of the browser by anyone and used to take over that session. So in that case we instead keep it in the frontend (client) code and define setter and getter methods for the client to access it.
When the token is about to expire, another API is hit: the refresh token endpoint. It is fired once a certain percentage of the original expiry time has elapsed, and it asks the backend for a new JWT token with a new expiry time.
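The in-memory store with setter/getter and the percentage-based refresh from the two passages above, as one added example that is not code from the original post. The token lives in a closure rather than in `localStorage`/`sessionStorage`, the client decodes only the `iat`/`exp` claims (it never verifies the signature; that is the server's job), and a refresh against an injected `refresh` function, standing in for the refresh-token API, is scheduled when `refreshFraction` of the lifetime has passed. `createTokenStore`, `refreshDueAt`, `decodeClaims` and the `sampleToken` fixture are hypothetical names; `Buffer` is used for base64url decoding so the snippet runs under Node, and a browser build would use `atob` instead.

```javascript
// Added example (not from the original post): a client-side token holder
// that keeps the access token in memory and refreshes it at a fraction of
// its lifetime.

// Decode the claims of a JWT without verifying it. The client only needs
// `iat` and `exp` to plan the refresh; signature checks stay on the server.
function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Absolute time (Unix seconds) at which `fraction` of the lifetime
// (exp - iat) has elapsed, i.e. when the refresh call should fire.
// Null when the token carries no usable timing claims.
function refreshDueAt(claims, fraction) {
  if (!claims || typeof claims.iat !== 'number' || typeof claims.exp !== 'number') return null;
  if (claims.exp <= claims.iat) return null;
  return claims.iat + Math.floor((claims.exp - claims.iat) * fraction);
}

// `refresh` returns a Promise of a new token (in a real app it calls the
// refresh-token endpoint). `now` and `schedule` are injectable so the timing
// logic can be tested without real clocks or timers.
function createTokenStore({
  refresh,
  refreshFraction = 0.8,
  now = () => Math.floor(Date.now() / 1000),
  schedule = (fn, ms) => setTimeout(fn, ms),
} = {}) {
  let token = null; // closure-private: not reachable through web storage
  let lastScheduledDelayMs = null;

  function set(newToken) {
    token = newToken;
    const due = refreshDueAt(decodeClaims(token), refreshFraction);
    if (due === null) return; // no timing claims: nothing to schedule
    lastScheduledDelayMs = Math.max(0, due - now()) * 1000;
    schedule(async () => {
      try {
        set(await refresh()); // new token, new expiry, new schedule
      } catch {
        token = null; // refresh failed: require a full login next time
      }
    }, lastScheduledDelayMs);
  }

  return {
    set,
    get: () => token,
    clear: () => { token = null; },
    // Header object to attach to each request, in the shape the post shows.
    headers: () => (token ? { authorization: `Bearer ${token}` } : {}),
    lastScheduledDelayMs: () => lastScheduledDelayMs,
  };
}

// Constructed fixture: an unsigned-looking token with the given claims.
// The signature part is a placeholder because the client never verifies it.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.placeholder-signature`;
}
```

Because the token is only reachable through `get()` inside the module that created the store, a page reload drops it (the user logs in or silently refreshes again) and nothing outside that closure can enumerate it the way `localStorage` contents can be listed; the scheduled refresh keeps the user from hitting an expired token mid-session.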