Securing your backend using a JWT
In the previous section, we covered how to use basic authentication with a RESTful web service. This method cannot be used when we develop our own frontend with React, so we are going to use JWT authentication instead (https://jwt.io/). A JWT is commonly used in RESTful APIs for authentication and authorization purposes. A JWT is a compact way to implement authentication in modern web applications. A JWT is really small in size and can therefore be sent in the URL, in the
POST parameter, or inside the header. It also contains all the necessary information about the user such as username and role.A JWT contains three different parts, separated by dots: xxxxx.yyyyy.zzzzz. These parts are broken up as follows:
- The first part (xxxxx) is the header that defines the type of token and the hashing algorithm.
- The second part (yyyyy) is the payload that, typically, in the case of authentication, contains user information.
- The third part (zzzzz) is the signature...