# Why use jwt?
- They allow for stateless authentication for a good number of API requests. Stateless = no database calls to authenticate a valid user of your API.
- They allow for safe transmission of data between client and server, allowing for point 1 too.
- They can hold information relative to the user i.e. roles and or other data pertaining to the user's permissions.
- They allow for 3rd party authentication servers/ cross-server authentication = better scalability of server resources
Just a few off the top of my head..... 😛
Then the question should be why not to use jwt? Or when...
If your app/API is small to medium sized and you don't intend for it to scale in the future, you can stick with good ol' sessions. If you know or want your app/API to scale, or you know at some point you'll want your auth system on another server, using JWTs is preparation for that.
There are ways to scale sessions to multiple servers too, but it gets a little more complicated than with JWTs.
the difference between sessions and jwt
is how the access works
with sessions you get a cookie, that acts as a key to access the data stored on the session
with jwt data doesn't get saved on the server anymore
instead it is directly encoded on the cookie itself
that means security is in the encoding this time
you only need to validate it on the server
because jwt lives encoded on the client
it is very easy to hop between multiple servers
with the same cookie key
this is good for things like banks that require to store different things on multiple servers
so it is mostly used for micro services
but a lot of people also tend to use it for lazy auth
because it makes it easy if you run your client and server separate
i would say that is overkill
any other suggestions for auth?
@torpid yarrow
sessions or jwt are your only options out there
you end up with cookies no matter what
but you should always ask yourself
"am I going to connect to more than 1 server or not"
yes: JWT
no: SESSION
And I have another question: what is the difference between creating a custom account manager and using passport?
idk about account manager, I always tend to use passport