February 2019
The JSON Web Token (JWT) standard, defined in the open standard RFC 7519, has greatly simplified the task of securely checking whether a request comes from an authorized source. The idea behind JWT is that a standard JSON object is cryptographically signed using a secret key; this process is known as signing a token. Only a holder of the secret key can verify that this token is valid. In other words, a server creates a token using its secret key, and any request that later comes into the server can then be checked to confirm that its token was signed correctly. JWT tokens are therefore stateless, and can be used quite easily in a load-balanced environment. As long as all servers that are within the ...
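The sign-then-verify flow described above, as an added example that is not code from the book: a standard-library HS256 implementation showing that any server holding the secret can check a token without shared state, and that the payload can be read without the key. The function names, the secret and the claim values are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64e(raw: bytes) -> str:
    """base64url without padding, as JWT uses."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict, secret: bytes) -> str:
    """Issue header.payload.signature using HS256 (HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64e(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return signing_input + "." + b64e(mac(signing_input, secret))

def peek(token: str) -> dict:
    """Read the claims WITHOUT the key: the payload is encoded, not hidden."""
    return json.loads(b64d(token.split(".")[1]))

def verify(token: str, secret: bytes, now: float = None) -> dict:
    """Return the claims if the token is authentic and unexpired, else raise."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        signature = b64d(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm server-side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, mac(head + "." + body, secret)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("exp", float("inf")) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"  # constructed sample key
    token = sign({"sub": "alice", "exp": int(time.time()) + 300}, SECRET)
    print(token)
    print(peek(token))            # readable by anyone
    print(verify(token, SECRET))  # any server holding SECRET can check it
```

Because the claims are readable by anyone who holds the token, nothing confidential belongs in them.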