JSON Web Token (JWT)
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object (jwt.io).
JWTs can be signed (JWS, RFC 7515) with the following algorithm families:
- HMAC with SHA-2 (HS256/HS384/HS512): one shared secret both signs and verifies
- RSA or ECDSA (RS256/ES256, etc.): the private key signs, the public key verifies
When to use JWT?
- Authorization:
- The most common use of JWT: after login, each subsequent request carries the token (typically in an Authorization: Bearer header)
- Allows users to access the routes, services and resources that the token's claims permit
- Information Exchange:
- Because JWTs are signed (e.g. with a public/private key pair), the verifier can be sure who issued them
- It can be verified that the content has not been tampered with, because the signature is calculated over the header and the payload
- Both guarantees hold only if the recipient actually verifies the signature with the expected algorithm and key, rather than letting the token's own alg header decide how (or whether) to verify
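The following is an added example, not code from jwt.io or from the RFC: it builds and verifies an HS256 token with only the Python standard library, so the signing input (base64url header + "." + base64url payload) and the signature check are visible rather than hidden behind a library. The secret, claims and timestamps are constructed for the demo. The verifier pins the algorithm to HS256, which is what makes a forged "alg": "none" token or a modified payload fail.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; in practice this comes from a secret store.
SECRET = b"constructed-demo-secret-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    # JWTs use base64url without '=' padding (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Re-add the padding that base64url strips before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj: dict) -> str:
    # Compact JSON so the encoded segment is stable.
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Create header.payload.signature where the signature is
    HMAC-SHA256(secret, header_b64 + "." + payload_b64)."""
    signing_input = _json_b64({"alg": "HS256", "typ": "JWT"}) + "." + _json_b64(claims)
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_hs256(token: str, secret: bytes, now: Optional[int] = None) -> dict:
    """Verify a token and return its claims, or raise ValueError.
    The algorithm is pinned by the verifier; the header's alg is only
    checked for equality, never used to select the verification method."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected 3 segments")
    header_b64, payload_b64, sig_b64 = parts

    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        # Rejects "none", RS256-to-HS256 confusion, and anything unexpected.
        raise ValueError("unexpected alg: %r" % header.get("alg"))

    # Recompute the MAC over exactly the bytes the issuer signed.
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")

    claims = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def tamper_payload(token: str, new_claims: dict) -> str:
    """Attacker model: keep header and signature, swap the payload.
    The verifier must reject this because the MAC covers the payload."""
    header_b64, _, sig_b64 = token.split(".")
    return header_b64 + "." + _json_b64(new_claims) + "." + sig_b64


def forge_alg_none(claims: dict) -> str:
    """Attacker model: unsigned token claiming alg=none with an empty signature.
    A verifier that trusts the header would accept it; ours does not."""
    return _json_b64({"alg": "none", "typ": "JWT"}) + "." + _json_b64(claims) + "."


def demo() -> dict:
    # Fixed timestamps keep the demo deterministic.
    issued_at, expiry = 1_700_000_000, 1_700_003_600
    token = sign_hs256({"sub": "alice", "role": "user", "iat": issued_at, "exp": expiry}, SECRET)
    results = {"valid": verify_hs256(token, SECRET, now=issued_at + 60)["sub"]}
    for name, bad_token, when in [
        ("tampered", tamper_payload(token, {"sub": "alice", "role": "admin", "exp": expiry}), issued_at + 60),
        ("alg_none", forge_alg_none({"sub": "alice", "role": "admin", "exp": expiry}), issued_at + 60),
        ("wrong_key", sign_hs256({"sub": "alice", "exp": expiry}, b"other-secret"), issued_at + 60),
        ("expired", token, expiry + 1),
    ]:
        try:
            verify_hs256(bad_token, SECRET, now=when)
            results[name] = "ACCEPTED"
        except ValueError as err:
            results[name] = "rejected: " + str(err)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The important design choice is in verify_hs256: the caller decides the algorithm and key, and the header is checked against that decision rather than consulted for it. A verifier that reads alg from the header and dispatches on it is what allows "alg": "none" and key-confusion attacks to succeed, regardless of how strong the signing key is.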