JWT in real life
Imagine being at a big technology conference (example CES) with lots of stages and fun things to do.
As soon as you get there, the give you a Conference Pass.
This Conference Pass is like your key to everything at the conference - Security guards at each stage simply look at your Conference Pass
to know if you can enter.
They don't need to call the conference organizers office or check the Registration list.
This is similar to know how JSON Web Tokens (JWT) function in the world of web programming.
JWTs are like digital Conference Pass for online services.
JWT in digital world
In the digital world, when you log into a website or app, it needs a way to remember that you're authenticated
(like having a ticket or conference pass to the conference).
Without JWT, you'd have to log in again every time you swicth pages or request data.
That would be like going to the ticket booth every time you want to enter a new stage at the conference - not practical!
The definition of JWT
JWT is a URL-safe, compact string for transferring claims between two parties, make of three dot-separated parts:
- Header (token type and encryption method)
- Payload (user data and info)
- Signature (verified token integrity)
Where it is used?
JWTs are widely used in web application for user authentication and information exchange.
They’re especially popular in Single Page Application (SPAs
) and for implement token-based authentication in RESTful APIs
.
How it’s implemented?
When a user logs in, the server issues a JWT. This token is stored by the user's browser and sent back with each request to the server.
Like the Conference Pass, it quickly proves the user’s identity and access rights, eliminating the need for repeated logins.