Securing the application with OAuth2 and JWT
In this section, we’ll build out the authentication system for the event planner application. We’ll be making use of the OAuth2 password flow, which requires the client to send a username and password as form data. The username in our case is the email used when creating an account.
When the client sends that form data to the server, the response is an access token, which is a signed JWT. The server normally validates the submitted credentials before it creates the token, and the token then authorizes the user's subsequent requests. To authorize the authenticated user, the client sends the JWT in the Authorization header prefixed with Bearer, and the server checks it before performing the requested action.
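The flow just described, as an added example that is not part of the book's code: a password check against a constructed user store, issuance of an HS256-signed JWT with an expiry claim, and verification of a `Bearer` token taken from the Authorization header. It uses only the standard library, so there is no FastAPI or PyJWT dependency; the secret, the salt and the user record are assumed values.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"assumed-long-random-secret"  # held by the server only; never sent to clients
_SALT = b"constructed-salt"             # a real store uses a random salt per user

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def create_access_token(email: str, ttl: int = 3600, now: Optional[int] = None) -> str:
    """Build header.payload.signature with the email as subject and an exp claim."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": email, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_access_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm: do not trust alg from the token
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None  # constant-time comparison of the signature
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError, AttributeError):
        return None
    return None if claims.get("exp", 0) <= now else claims

def _hash_pw(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 100_000)

# constructed user store keyed by email, which is the OAuth2 "username" here
USERS = {"user@example.com": _hash_pw("correct horse")}

def login(email: str, password: str) -> Optional[str]:
    """The password-flow endpoint: validate credentials, then issue a token."""
    stored = USERS.get(email)
    if stored is None or not hmac.compare_digest(stored, _hash_pw(password)):
        return None
    return create_access_token(email)

def current_user(authorization: str) -> Optional[str]:
    """Resolve the Authorization header value to the authenticated user's email."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or not token:
        return None
    claims = verify_access_token(token)
    return claims["sub"] if claims else None
```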
What Is a JWT and Why Is It Signed?
A JWT is an encoded string made up of a header naming the signing algorithm, a payload, and a signature. JWTs are signed using a unique key known only to the server and client to avoid the encoded string being...