Understanding JWT(JSON Web Token)

Introduction

With most services migrating to an online platform, making use of web applications and APIs, it is crucial to ensure that communication is secured. Traditional session-based authentication works but it is limited in scalability and distributed systems. That is where JSON Web Tokens(JWTs) come in.

JWT is compact, stateless and secure way of transmitting information between a client and a server. It is known for being used in authentication and authorization systems such as OAuth, API security or session handling in web apps.

What is a JWT?

A JWT is basically a string token that has several benefits:

  • Compact (consists of 3 parts; header, payload, signature, hence smaller than XML-based token and each part uses Base64URL)
  • Self-contained (stores necessary info inside)
  • Signed(ensures integrity)

Why use JWT in PHP?

  • Stateless: No need for PHP sessions on the server.
  • Scalable: Perfect for APIs, SPAs and microservices.
  • Cross-platform: A PHP backend can authenticate users on mobile apps, React, Angular or Vue frontends.
  • Secure: Signed tokens ensure integrity( cannot be altered without detection)
How does JWT work in PHP?
  1. User logs in with credentials
  2. PHP validates the credentials against the database.
  3. If valid, PHP generates a JWT and sends it to the client.
  4. The client stores the token (in localStorage, sessionStorage or cookies).
  5. For each request, the client send the JWT in the HTTP header
  6. PHP verifies the JWT before granting access.

Conclusion

JWT is great for authentication in PHP applications, especially for APIs and distributed systems as they provide a safer and is smaller compared to traditional session management. Moreover, they can be easily generated, signed and verified in PHP projects. 

Comments

Post a Comment

Popular posts from this blog

Domain Name System( DNS)- Recursive DNS

 What is DNS? When someone type in a domain name (Ex. google.com), it triggers a DNS lookup . During that process, the domain name will match a corresponding IP address that will be returned back to the client. There are 2 types of DNS lookups; iterative and recursive.   A recursive DNS lookup implies that one DNS server interacts with other DNS servers and returns a matching IP address to the client. On a side note, a DNS server is when a user types a domain name. This enable a DNS lookup where several remote computers return a corresponding IP address to the user's computer and allow them to access the correct website. A DNS query on the other hand implies that the client can communicate directly to each DNS server involved in the lookup. In a DNS lookup, there are several DNS servers involved; DNS resolver, DNS root server, DNS TLD (Top-Level Domain) server, and DNS authoritative nameserver. In iterative DNS lookup, DNS resolver asks each DNS one by one until it finds t...
Read more

SSH (Secure Shell) and Virtual Private Network(VPN)

 As stated in my previous blog, SSH and VPN works almost similarly. They both provide the user with secure access to transfer data over an unsecured network. However, they serve different purposes. SSH is a protocol primarily designed for secure access to individual servers or devices. Users can execute commands, transfer files, and  forward specific ports, while encrypting the data. It is focused towards ensuring the completion of tasks, making it ideal for system admin and developers who need direct interaction over a remote server. VPN, on the other hand, is a wider solution that ensure the security of all internet traffic between devices and a remote server. It creates an encrypted tunnel to protect online activity and masks the IP address. It is used to provide remote access to an organization's private network, or perhaps enhance privacy on a public network like in Cafe, malls, etc... Both of them also possess drawbacks. SSH has limited network access and it requires exp...
Read more

Creating a new user and setting up their keys in SSH.

 SSH, shortly abbreviated for Secure Shell,  is a network protocol that provides secure access to a computer and manages devices over an unsecured network. It widely used by system admins, developers, and network engineers. SSH uses the port 22 and on a side note, HTTPS uses port 443 and port 80 is the default port for web servers. Some key features of SSH are: 1. It encrypts all data between the client and the server, making it reliable for crucial data. 2. It prompts the user with password authentication as well as key authentication ( public and private keys) which adds another layer of security. 3.  With port forwarding, SSH can forward network traffic, securing data. 4. With SCP (Secure Copy) and SFTP (SSH File Transfer Protocol) allow secure file transaction. 5. Users can interact on a remote session using commands via SSH session. Steps to set up the key for a new user: 1.  "useradd username" "useradd" command will allow the individual to add a new username t...
Read more