rust-jwt VS frank_jwt

So first I generate a token using the jsonwebtoken crate. This accepts a struct that is serde serializable and deserializeable. After that I construct the Cookie and send it as the response to the request for the '/login' route. You can see my struct here (I named it JWT, but that is not the best name ever, this is the data included in the JWT token): https://github.com/horvbalint/speer/blob/main/backend/src/jwt.rs And then the login route here (line 88): https://github.com/horvbalint/speer/blob/main/backend/src/routes.rs

NOTE: Never store sensitive information about a client in the payload as the JWT is just encoded and not encrypted. You can paste the JWT I gave as an example above in this cool site which basically allows you to see in decoded. JSON Web Tokens - jwt.io

Although they did not make it into production, I experimented with the RabbitMQ message broker, Python (Django, Flask), Kubernetes + minikube, JWT, and NGINX. This was a hobby project, but I intended to learn about microservices along the way.

JSON Web Token (JWT) creation to extend user authentication to server-side functions

The (probably) most famous web resource about JWT - https://jwt.io - provides such a definition of JSON Web Tokens:

If you want to play with JWT and put these concepts into practice, you can use jwt.ioDebugger to decode, verify, and generate JWTs.

In this context, JSON Web Tokens (JWTs) play a crucial role.

Json Web Token (JWT): Even though it is more like an industry standard, we will use JWTs for stateless authentication in this article. If you want to learn more, you can refer to the official documentation.

Se pegar o token jwt podemos ver o que tem dentro, usando o site jwt.io.

JWT token is not encrypted, it's just base64UrlEncoded. So, don't put any sensitive information in payload. Meaning, if for some reason an access token is stolen, an attacker will be able to decode it and see information in payload.Check it here.