guides
JWT
session #1: JWTs

code-along: https://github.com/thoughtworks-jumpstart/express-jwt-lab.git

- why do we need authentication?
  - data access control
  - don't get unnecessary/unauthenticated requests
  - make every request identifiable (and blacklist malicious users if necessary)
- mental model of how token-based authentication works (draw the right-hand side of the diagram here)
- anatomy of a JWT
  - watch video
  - Header
  - Payload
  - Signature
- how this is created by jwt.sign() - https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback
- put the token in the Authorization header as a bearer token
- walk through GET /secret
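
Added example (not from the code-along repository or from node-jsonwebtoken): the Header.Payload.Signature anatomy built by hand for HS256 with Node's built-in crypto module, then checked the way a route like GET /secret would check a bearer token. The function names, secret and claims are constructed for illustration.

```javascript
// Added example: HS256 JWT assembled and verified by hand.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const decodeJson = (part) => {
  try { return JSON.parse(Buffer.from(part, 'base64url').toString('utf8')); } catch { return null; }
};

// token = b64url(header) "." b64url(payload) "." b64url(HMAC-SHA256(secret, first two parts))
// Header and payload are only encoded, not encrypted: anyone holding the token can read them.
function signHS256(payload, secret) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = createHmac('sha256', secret).update(signingInput).digest('base64url');
  return `${signingInput}.${signature}`;
}

// Returns the payload when the token is valid, otherwise null.
function verifyHS256(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  // Pin the algorithm on the server; never let the token's own header choose it.
  if (decodeJson(h)?.alg !== 'HS256') return null;
  const expected = createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  // Only trust the payload after the signature has checked out.
  const payload = decodeJson(p);
  if (!payload || (typeof payload.exp === 'number' && payload.exp <= nowSeconds)) return null;
  return payload;
}

// Pulls the token out of an "Authorization: Bearer <token>" header value.
function bearerToken(authorizationHeader) {
  const m = /^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*)$/.exec(authorizationHeader || '');
  return m ? m[1] : null;
}

// Constructed sample values (not from the lab repository).
const SECRET = 'constructed-demo-secret';
const token = signHS256({ sub: 'alice', exp: 2000000000 }, SECRET);
console.log(token);
console.log(verifyHS256(bearerToken(`Bearer ${token}`), SECRET, 1700000000));
```
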
JWT implementation: with a cookie or separately? Request the JWT from the server, or just put the JWT into the cookie?