# Authentication Mechanisms


# JWT - JSON Web Token

  • Used for authorization, NOT for authentication
  • The JWT is signed by the server with its own key
  • Traditional approach: user information is kept on the server (session state)
  • JWT approach: user information is carried inside the token itself
  • Encode and decode JWTs at jwt.io
  • Why use it? Use cases:
    • Two separate web applications, e.g. Bank and Retirement Plans: how to enable SSO?
    • Share the same secret key between the servers, and the same session (token) can be reused across multiple services
    • Used to authenticate calls between microservices
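The shared-secret SSO idea above, as an added example (not from the original notes): a hand-rolled HS256 sign/verify pair where a token minted by one service verifies on a second service holding the same secret, while a token with an altered payload or a past `exp` is rejected. The secret and claims are constructed for the demo.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if signature and expiry check out, otherwise None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":      # refuse 'none' / algorithm confusion
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None                       # signature does not match -> tampered or wrong key
        claims = json.loads(_b64url_decode(p))
        if claims.get("exp", 0) <= (now if now is not None else int(time.time())):
            return None                       # expired token
        return claims
    except ValueError:                        # malformed base64 / JSON / segment count
        return None

SHARED_SECRET = b"constructed-demo-secret-do-not-use"  # held by Bank AND Retirement Plans

def demo():
    # Bank service mints the token after the user logs in
    token = sign_jwt({"sub": "alice", "roles": ["customer"], "exp": 2_000_000_000}, SHARED_SECRET)
    # Retirement Plans service accepts it with the same secret: no second login needed
    ok = verify_jwt(token, SHARED_SECRET, now=1_700_000_000)
    # Payload swapped for different claims, signature left as-is -> rejected
    h, _, s = token.split(".")
    forged = f"{h}.{_b64url(json.dumps({'sub': 'mallory', 'exp': 2_000_000_000}).encode())}.{s}"
    tampered = verify_jwt(forged, SHARED_SECRET, now=1_700_000_000)
    # Same valid token checked after its exp -> rejected
    expired = verify_jwt(token, SHARED_SECRET, now=2_000_000_001)
    return ok, tampered, expired
```

A caveat the notes imply but do not spell out: every service holding the shared secret can mint tokens, so a compromise of any one of them forges sessions for all.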
[Figure: session-based authorization - traditional cookie-based session ID exchange]

[Figure: JWT-based authorization]
