Definition
Most mobile apps on your phone need to communicate to a server [→] to perform most of their functionalities.
Most of this functionality involves accessing user data, so you want to be sure the right user has access to their data. Unlike traditional web apps, where once a user is authenticated, the browser creates a cookie [→] to hold this state, mobile apps have no such mechanism and rely on a different approach. Unlike the browser the mobile app cannot remember the state of the last login, hence this approach is known as a stateless [→] authentication.
This is also true for modern web apps built using modern frontend frameworks [→] with APIs [→] acting as an exchange medium between the frontend and the server.
A JSON web token (JWT) is a JSON object that is used to securely transport data over the internet (between two parties). The server encrypts authentication information stored as a JSON [→] object and sends it back to the app. The app can then send this encrypted data to the server any time the user's identity needs to be verified.
Use Cases and Examples
JSON Web Tokens are mostly used for:
- Authentication [→]
- Secure Information Exchange
In its compact form, JSON Web Tokens consist of three parts separated by dots (.), which are:
- Header: This part contains information about the encryption technique used.
- Payload: This is the information you would like to encrypt
- Signature: This section is used to verify that the payload has not been modified by an attacker.
It's all put together and encoded to base64 maintaining the structure header.payload.signature.
Summary
The critical part of a JWT is that any app or person can read its content but can't modify it in any way because the server will detect the changes. Check out jwt.io [↗] to read more on the subject.
Here is another article you might like 😊 "What Is Lazy Loading?"