🔐

Authentication / Authorization

What is JWT?
JWT (JSON Web Token) defines a token format, not a protocol, and is used for authorization, not authentication.
How does a traditional login system work when it uses cookies and server-side sessions to store the user's session information?
How does authentication work with JWT (JSON Web Token)?
What does a JWT consist of? What does it look like?
What is in the Header of a JWT?
What is in the Payload of a JWT?
Claims like "iat" (issued at), "exp" (expiration time) and "eat" are useful for security because they let a JWT expire.
What goes in the Signature of a JWT?
How would a client use a JWT to authorize access to protected routes and resources?
What is OAuth? What is the key benefit of using it?

OAuth is a delegated authorization framework (not a protocol) for REST APIs. It enables apps to obtain limited access (scopes) to a user's data on services like Facebook, GitHub and DigitalOcean without the user giving away their password.

👍 It decouples authentication from authorization and supports multiple use cases that address different device capabilities.

How does OAuth work?