We will start by talking about JWT. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA.
The two main properties of this standard are:
- Compact: Due to their small size, JWTs can be sent through a URL, a POST parameter, or inside an HTTP header. The standard places no limit on the payload, however, so keep its size in mind.
- Self-contained: The payload contains all the required information. This can help avoid the need to query the database for that information, optionally making the session stateless, as everything is in the token payload.
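To make the signing and verification described above concrete, here is an added illustration of the HS256 (HMAC-SHA256) mechanism written for this section; it is not code from the original article, and it is not a substitute for the proven library the text recommends. The secret is a constructed placeholder, and the `replace_payload` helper exists only to show that a token whose content was altered fails verification.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; a real HMAC key must be long, random and kept server-side.
SECRET = b"demo-secret-do-not-use"

def b64url(raw: bytes) -> str:
    """Base64url encoding without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    """Inverse of b64url: restore the padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, secret: bytes = SECRET) -> str:
    """Build header.payload.signature; the HMAC covers the first two parts."""
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":"))
    body = json.dumps(payload, separators=(",", ":"))
    signing_input = b64url(header.encode()) + "." + b64url(body.encode())
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_hs256(token: str, secret: bytes = SECRET):
    """Return the payload dict if the token is well-formed and its signature
    matches, otherwise None. The algorithm is pinned, not read from the header."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        # Constant-time comparison of the two MACs.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None

def replace_payload(token: str, new_payload: dict) -> str:
    """Swap in a different payload while keeping the old signature, to show
    that verification rejects a token whose content was changed."""
    header_b64, _, sig_b64 = token.split(".")
    body = json.dumps(new_payload, separators=(",", ":"))
    return header_b64 + "." + b64url(body.encode()) + "." + sig_b64
```

The check on the pinned `alg` and the constant-time comparison are the two details a hand-rolled verifier most often gets wrong, which is why the text insists on a proven library.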
Token generation is something we must never do by hand; instead, use a proven library that can generate it. This is almost always a rule when using...