This comment summarises the pitfalls accurately, but the conclusion, not so much. JWT makes a great solution in many cases (in some cases, you'll see that JWT is the only good solution). For starters, think about the use case where a different service (other than your authentication service) wants to verify the identity of your user to enable access to certain resources. And you need to do that without asking your authentication service. As a valid JWT can only be created by your authentication service but can be verified for its authenticity by anyone, JWT makes a great solution here. And this is exactly why usage of JWT in OAuth2 has become a standard. I have created a similar demo for OAuth2 as well; you may want to look at it once you finish the JWT demo.
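The property the comment describes (only the authentication service can create a token, any other service can verify it) depends on an asymmetric signature such as RS256. The sketch below is an added example, not part of the comment or of the linked demo; the function names, claims and key handling are assumptions, and it uses only Node's built-in `crypto` module.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// Authentication service: the only party that holds the private key.
// The public key is what gets distributed to every other service.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
});

function issueToken(claims, signingKey) {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  // RS256 = RSASSA-PKCS1-v1_5 with SHA-256, Node's default for RSA keys.
  const sig = crypto.sign("sha256", Buffer.from(`${header}.${payload}`), signingKey);
  return `${header}.${payload}.${b64url(sig)}`;
}

// Resource service: holds only the public key and makes no call to the
// authentication service. Returns the claims, or null if the token is rejected.
function verifyToken(token, verifyKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // Pin the algorithm: the token header must never choose how it is verified.
  if (!head || head.alg !== "RS256") return null;
  const valid = crypto.verify(
    "sha256",
    Buffer.from(`${header}.${payload}`),
    verifyKey,
    Buffer.from(sig, "base64url")
  );
  if (!valid) return null;
  // A verifier that never calls back cannot see revocation, so expiry is mandatory.
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSeconds) return null;
  return claims;
}
```

With a shared-secret algorithm such as HS256 this separation does not hold, because every service able to verify a token could also mint one.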