Published Mar 28, 2020 · 6 min read
Today I learned how to design a token-based authentication system using JWT. I’m still learning system design, but I hope this post helps you.
The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource — without using their username and password. Once their token has been obtained, the user can offer the token — which offers access to a specific resource for a time period — to the remote site.
At least, that is how the W3C describes it. The token it refers to will be stored in a standard format such as a JSON Web Token (JWT, specified in RFC 7519) so the system can authenticate the client and the user. You can read the JWT specification here.
We want to build a system with a dedicated authentication service, so that when we have many services we won’t have to store client credentials in each of them.
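As an added example (not code from the original post), here is a minimal version of the flow described above: the authentication service checks the username and password once and issues a signed, time-limited JWT, and a resource service accepts that token using only the signing key, so it never needs to hold user credentials. The secret, the single user record and the hand-rolled HS256 helpers are constructed for this demo; a real deployment would use a vetted JWT library and a password hash designed for passwords.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo values: a signing secret and one user whose password is stored salted and hashed.
SECRET = b"demo-signing-key-not-for-production"
USERS = {"alice": ("salt123", hashlib.sha256(b"salt123hunter2").hexdigest())}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _sign(signing_input: bytes) -> bytes:
    return hmac.new(SECRET, signing_input, hashlib.sha256).digest()

def login(username: str, password: str, ttl: int = 300, now: Optional[int] = None) -> Optional[str]:
    """Auth service: check the credentials once and issue an HS256 JWT that expires after ttl seconds."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored = record
    presented = hashlib.sha256((salt + password).encode()).hexdigest()
    if not hmac.compare_digest(stored, presented):
        return None
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    signature = _b64url(_sign(f"{header}.{payload}".encode()))
    return f"{header}.{payload}.{signature}"

def verify(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Resource service: accept the token with only the signing key, never the password. Returns claims or None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: a token claiming "none" or any other alg is rejected, not trusted.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = _sign(f"{header_b64}.{payload_b64}".encode())
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, TypeError):
        return None
    now = int(time.time()) if now is None else now
    # The token is a time-limited credential: refuse it once exp has passed.
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    return claims
```

The `now` parameter exists only so the expiry behaviour can be exercised deterministically; in production both services simply use the current clock.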