Introduction to the authentication problem
Developing an authentication and authorisation mechanism is a crucial point in designing an application, and it involves (at least) both client and server. But how do you handle an authenticated message exchange when HTTP itself is stateless?
The classic solution is to establish a session: upon authentication, the client receives from the authentication server a session ID, and presenting it on subsequent HTTP requests allows the server to recognise them as authenticated. Such information:
Since their introduction by the IETF in RFC 7519, JSON Web Tokens (JWTs) have become very popular for addressing this kind of problem.
JWT authentication flow
After the client sends an authentication request (Login request) and the server has checked the credentials, the server signs a payload containing information about the user (at least a user ID, the "sub" claim, and an expiration time, the "exp" claim) and returns it to the client (Signed JWT), which stores it locally.
From then on, every client request for a restricted resource (Data Request) must carry the stored token (+Signed JWT), so that the server can verify the signature, extract the user information and finally send the Response back. Note that this approach does not require the server to keep any per-session state: everything it needs is inside the token. The flip side is that a token stays valid until its "exp" claim is reached, so revoking it earlier (on logout or after a key compromise) needs server-side state again, such as a deny-list; keeping token lifetimes short limits the damage.
JWT structure
A JWT is composed of three sections, separated by a dot: a header (which names the signing algorithm), a payload (the claims about the user) and a signature computed over the first two. Each section is Base64url-encoded, not encrypted, so anyone holding the token can read the header and payload; only the signature protects them from tampering.
Hence, the previous schema can be seen as:
If you want to learn more (do you know how to deal with XSS and CSRF attacks when a token is stored in the browser?) or simply want to try decoding, verifying and generating JWTs, follow this link: https://jwt.io/ … and have fun!
A gentle introduction to JSON Web Tokens
30.03.2023