March 23, 2021 03:05 pm GMT

Why are JSON Web Tokens required?

JSON Web Tokens (abbreviated JWT, pronounced "jot") were introduced in 2010 as a means of communication between two parties in the form of a JSON object. They can be encrypted and are popularly used instead of session IDs in the authorisation mechanism of a server-client architecture. Let's discuss what has made them so prevalent.

Server-Client Architecture

In this scenario, if a client requests a protected page (https://dev.to/new) from a server (by protected I mean one shielded by some authentication mechanism), the server renders a login page. The user (the terms client and user are used interchangeably) enters their credentials and is successfully logged in. If, in a subsequent request, the client requests the same URL (https://dev.to/new), the server has no way of knowing that it has already authenticated this user and re-renders the login page.

Solution 1

Session id

So as a solution to the above problem, the concept of session id was introduced wherein the server creates a new session when a client requests anything for the first time. It then stores and passes the session id back to the client so that it can identify the client in case of any subsequent requests. Though it is a feasible solution and widely used, it has its own drawbacks.

Drawbacks

As the number of requests increases, there is a need for increased scalability.

Vertical scalability

Increase the resources available to a server. It is an expensive solution.

Horizontal scalability

Increase the number of servers.

Though the latter is feasible, the downside is that as you increase the number of servers, you need to put a load balancer in front of them, which is responsible for request management. Now a request can go to any server, irrespective of the client making it. So, if user1 is authenticated with server1 and requests the same page again, and the request now goes to server2, some mechanism is needed to tell server2 that user1 is already authenticated. Hence, the session IDs must either be stored in a database or, as an alternative, the servers must be kept in sync at all times, which comes with its own overhead.

Solution 2

JWT

For servers implementing JWT, there is no need for session storage. When a client requests a protected resource, the server creates a JWT and passes it to the client. A JWT can contain user data along with other information in an encrypted format. The server does not store the JWT; rather, it stores the encryption key, so the next time the user requests the same resource, the server uses the key to decrypt the token and identify the client.
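
The load-balancer scenario above, as an added example that is not part of the original article: server1 issues a token and server2 accepts it knowing only a shared key, with no session lookup. This sketch assumes the signed HS256 form of JWT (HMAC-SHA256) rather than encryption, so the claims are tamper-evident but only base64url-encoded; the function names and the key are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(key: bytes, user: str, ttl: int = 300, now=None) -> str:
    """Run by whichever server handled the login (server1 in the article)."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": user, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64url_encode(sign(key, header + '.' + payload))}"

def verify_token(key: bytes, token: str, now=None):
    """Run by any server behind the load balancer (server2). Returns claims or None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, signature = token.split(".")
        # Pin the algorithm; never let the token choose how it is verified.
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = sign(key, header + "." + payload)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, b64url_decode(signature)):
            return None
        claims = json.loads(b64url_decode(payload))
        if claims["exp"] <= now:  # expired tokens are rejected
            return None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON
    return claims

if __name__ == "__main__":
    shared_key = b"constructed-demo-key"  # constructed sample; use a random secret in practice
    token = issue_token(shared_key, "user1")   # server1 logs user1 in
    print(verify_token(shared_key, token))     # server2 accepts, no session lookup
    head, body, sig = token.split(".")
    forged = b64url_encode(json.dumps({"sub": "admin", "exp": 2**31}).encode())
    print(verify_token(shared_key, f"{head}.{forged}.{sig}"))  # None: signature mismatch
```

Because anyone holding the token can decode the payload in this form, it should carry identifiers and expiry, not secrets.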


Original Link: https://dev.to/mehaksaini11/why-json-web-tokens-are-required-30f5
