What the Hell is a JWT Token??

When I first heard the jwt token name, it gave me a headache. I can still remember how terrified I was that day. I was telling myself what the hell is this new thing that I need to implement in order to verify the user and api.

However, after working on a few projects, I feel forced into making this statement. This jwt token is an excellent approach to validate any user against a database.

What is jwt token??

Jwt is an abbreviation for Json Web Token. A JWT is a mechanism to verify the owner/user. Its encoded. When a server receives a JWT, it can guarantee the data it contains can be trusted because its signed by the source. No middleman can modify a JWT once its sent.

Creating JWT token

If you take a look at the above picture closely, you will get an idea how developers generate the jwt token.
When a developer creates a JWT token with a method called jwt.sign(), it contains elements such as the user id, JWT_SECRET, and expiration date. JWT_SECRET helps to make a sign token that won't work anywhere unless the secret is given. The expiration date will determine how long this token will be valid.
After successfully generating a jwt token, All you have to do now is transmit the jwt token to the frontend and save it in localstorage or Cookie.
.

How does JWT Token work ?

Let's have a look at how it works now. Let's say you need to access your data from the dashboard, but how will that website validate your identity and prevent a hacker from gaining access to your information?

Simply said, the provided jwt token will be checked against their database.
If that website discovers a user id associated with the jwt token, it will grant you access to the dashboard.

So, I used the jwt.verify() function, which accepts two parameters: token and JWT SECRET, to check the jwt token. It will allow you to enter if both input values are true.

Take a look at the above picture to better understand.