10.6 Authentication via JWTs
Until now, anyone who has access to your REST interface can also query it and read the data. However, this is by no means acceptable for an application that works with sensitive data. The solution to this problem, as in the previous chapter, is authentication. However, classic authentication via a login form is out of the question for a web service because the user doesn’t usually work directly with the service. Furthermore, storing credentials in a server-side session violates the stateless nature of REST. As a result, a token-based login process has become the accepted authentication mechanism for REST interfaces. In this context, JSON web tokens (JWTs) are often used.
JWTs are standardized in request for comment ...