With API becoming so popular these days thanks to SPA base applications, it was also required to keep these APIs secure. So the most popular of securing api's is token based authentication, whose flow is little bit like this:
- In the browser User enters his username and password and the request goes from the client application to the server.
- Server checks for the user, authenticates it and sends a unique token to the user's client application.
So to fix the above problems of the token based authentication JWT came into picture.
JWT's full form is JSON Web Token. It is based on the concept that, it encrypts the authentication information into a compact JSON object, instead of passing the unique token of the user, which was required to be stored in the DB.
No comments:
Post a Comment