We need to transfer information between microservices securely. Requests must be digitally signed and verified, so that the receiving application can check the authenticity of a request before responding to it.
We also need a compact way to carry this information in the REST/HTTP world, since it has to travel with every request. This is where JWT helps. JWT (JSON Web Token) is an open web standard for securely transferring information between parties (applications). A JWT is signed either with a secret using the HMAC algorithm or with a public/private key pair. Tokens are compact and self-contained.
Compact: They are small and can be sent with each request.
Self-contained: The payload carries all the necessary details about the user, so we do not need to query the database to authenticate the user on every request.
A JWT consists of a header, a payload, and a signature. Each part is a Base64URL-encoded string, and the three parts are separated by a . (period):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlNlbmRpbCBLdW1hciBOIiwiYWRtaW4iOnRydWV9.ILwKeJ128TwDZmLGAeeY7qiROxA3kXiXOG4MxTQVk_I
# Algorithm for JWT generation
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret )
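As an added example (not code from the original text), the algorithm above in Python: the header and payload of the sample token are encoded and signed with a constructed secret, then verified with the algorithm pinned and a constant-time comparison. The secret is made up, so the resulting signature differs from the one in the sample token, whose secret is not known here.

```python
import base64
import hashlib
import hmac
import json

# Sample token from the text; its secret is unknown here, so only its structure is decoded.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlNlbmRpbCBLdW1hciBOIiwiYWRtaW4iOnRydWV9."
              "ILwKeJ128TwDZmLGAeeY7qiROxA3kXiXOG4MxTQVk_I")
DEMO_SECRET = b"constructed-demo-secret"  # assumption: a made-up shared secret for the demo

def b64url_encode(data):
    # JWT uses the URL-safe alphabet with the '=' padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment):
    # Restore the padding the encoder removed before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def hs256_sign(header, payload, secret):
    """HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload))
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def hs256_verify(token, secret):
    """Return the payload if the signature is valid for `secret`, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    # Pin the algorithm on the verifier side; never let the token pick it.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak how much of the MAC matched.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))

def decode_unverified(token):
    """Split a token into (header, payload) for inspection only; trusts nothing."""
    header_b64, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))
```

Because the header and claims are encoded exactly as in the sample token, the first two segments of a freshly signed token match the sample's; only the third segment depends on the secret.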