Securing your backend using a JWT
In the previous section, we covered how to use basic authentication with a RESTful web service. This method cannot be used when we develop our own frontend with React, so we are going to use JSON Web Token (JWT) authentication instead. A JWT is a compact way to implement authentication in modern web applications. It is small enough to be sent in the Uniform Resource Locator (URL), in a POST parameter, or inside the header. It also contains all the necessary information pertaining to the user.
A JWT contains three different parts, separated by dots: xxxxx.yyyyy.zzzzz. These parts are broken up as follows:
- The first part (xxxxx) is the header that defines the type of the token and the hashing algorithm.
- The second part (yyyyy) is the payload that, typically, in the case of authentication, contains user information.
- The third part (zzzzz) is the signature that is used to verify that the token hasn't been changed along...
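The three parts described above, as an added example that is not code from the book: it builds an HS256 token with Node's built-in crypto module, then shows that a token whose payload was edited fails verification. The secret, the claims and all function names are constructed for illustration.

```javascript
// Added example: build and verify an HS256 JWT with Node's built-in crypto.
const nodeCrypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Signature = HMAC-SHA256 over "header.payload" using the server's secret.
function hmacSha256(signingInput, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(signingInput).digest();
}

function signJwt(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const signature = hmacSha256(`${header}.${body}`, secret).toString('base64url');
  return `${header}.${body}.${signature}`;
}

// Returns the payload if the token is intact, otherwise throws.
function verifyJwt(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('token must have three parts');
  const [header, body, signature] = parts;

  // Pin the algorithm; never let the token choose how it is verified.
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  if (alg !== 'HS256') throw new Error('unexpected algorithm');

  const expected = hmacSha256(`${header}.${body}`, secret);
  const received = Buffer.from(signature, 'base64url');
  if (received.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(received, expected)) {
    throw new Error('signature mismatch');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Constructed sample values (not from the book).
const SECRET = 'demo-secret-change-me';
const token = signJwt({ sub: 'user' }, SECRET);

// The payload is only encoded, not encrypted: anyone can read or edit it...
const [h, , s] = token.split('.');
const forged = `${h}.${b64url(JSON.stringify({ sub: 'admin' }))}.${s}`;

// ...but an edited payload no longer matches the signature.
function isValid(candidate) {
  try { verifyJwt(candidate, SECRET); return true; } catch { return false; }
}
console.log(token.split('.').length, isValid(token), isValid(forged));
```

Because the payload is readable by anyone who holds the token, it should carry identifiers and claims only, never passwords or other secrets.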