JSON Web Token

A JSON-based open standard for creating access tokens

What is JSON Web Token?

JSON Web Token is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
JSON Web Token is a tool in the User Management and Authentication category of a tech stack.
JSON Web Token is an open source tool with 2.9K GitHub stars and 294 GitHub forks. Here's a link to JSON Web Token's open source repository on GitHub

Who uses JSON Web Token?

Companies
69 companies reportedly use JSON Web Token in their tech stacks, including qfl-stack, Biting Bit, and Tipe.

Developers
121 developers on StackShare have stated that they use JSON Web Token.
Private Decisions at about JSON Web Token

Here are some stack decisions, common use cases and reviews by members of with JSON Web Token in their tech stack.

I am going to build a backend which will serve my React site. It will need to interact with a PostgreSQL database where it will store and read users and create and use JSON Web Token for authenticating HTTP requests. I know EF core has good migration tooling, can Go provide the same or better? I am a one man team and I'll be hosting this either on Heroku or DigitalOcean.

Saurav Pandit
Application Developer at Bny Mellon | 8 upvotes 17.8K views

I have just started learning Python 3 weeks back. I want to create a REST API using Python. The API will be used to save form data in an Oracle database. The front end is using AngularJS 8 with Angular Material. In Python there are so many frameworks for developing REST. I am looking for some suggestions on which REST framework to choose? Here are some features I am looking for:

  • Easy integration and unit testing, like in Angular where we just run a command.
  • Code packaging, like in a Java Maven project where we can build and package. I am looking for something which I can push to Artifactory and deploy the whole code as a package.
  • Support for Swagger/OpenAPI
  • Support for JSON Web Token
  • Support for test case coverage reports

The framework can have the features included or they can be available by extension.

Wassim Ben Jdida
Software Developer | 3 upvotes 1.4K views
Shared insights on GraphQL and JSON Web Token

I really want to know, what are the problems that JSON Web Token solves that Sessions can't. JWT is actually more vulnerable when it comes to security. And what do other companies like Facebook or even Airbnb use to secure their API endpoint (I'm talking about GraphQL here).

Thanks!

Public Decisions about JSON Web Token

Here are some stack decisions, common use cases and reviews by companies and developers who chose JSON Web Token in their tech stack.

Simon Reymann
Senior Fullstack Developer at QUANTUSflow Software GmbH | 23 upvotes 577.3K views

Our whole Node.js backend stack consists of the following tools:

  • Lerna as a tool for multi package and multi repository management
  • npm as package manager
  • NestJS as Node.js framework
  • TypeScript as programming language
  • ExpressJS as web server
  • Swagger UI for visualizing and interacting with the API's resources
  • Postman as a tool for API development
  • TypeORM as object relational mapping layer
  • JSON Web Token for access token management

The main reason we have chosen Node.js over PHP is related to the following artifacts:

  • Made for the web and widely in use: Node.js is a software platform for developing server-side network services. Well-known projects that rely on Node.js include the blogging software Ghost, the project management tool Trello and the operating system WebOS. Node.js requires the JavaScript runtime environment V8, which was specially developed by Google for the popular Chrome browser. This guarantees a very resource-saving architecture, which qualifies Node.js especially for the operation of a web server. Ryan Dahl, the developer of Node.js, released the first stable version on May 27, 2009. He developed Node.js out of dissatisfaction with the possibilities that JavaScript offered at the time. The basic functionality of Node.js has been mapped with JavaScript since the first version, which can be expanded with a large number of different modules. The current package managers (npm or Yarn) for Node.js know more than 1,000,000 of these modules.
  • Fast server-side solutions: Node.js adopts the JavaScript "event-loop" to create non-blocking I/O applications that conveniently serve simultaneous events. With the standard available asynchronous processing within JavaScript/TypeScript, highly scalable, server-side solutions can be realized. The efficient use of the CPU and the RAM is maximized and more simultaneous requests can be processed than with conventional multi-thread servers.
  • A language along the entire stack: Widely used frameworks such as React or AngularJS or Vue.js, which we prefer, are written in JavaScript/TypeScript. If Node.js is now used on the server side, you can use all the advantages of a uniform script language throughout the entire application development. The same language in the back- and frontend simplifies the maintenance of the application and also the coordination within the development team.
  • Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.

Overview: To put it simply, we plan to use the MERN stack to build our web application. MongoDB will be used as our primary database. We will use ExpressJS alongside Node.js to set up our API endpoints. Additionally, we plan to use React to build our SPA on the client side and use Redis on the server side as our primary caching solution. Initially, while working on the project, we plan to deploy our server and client both on Heroku. However, Heroku is very limited and we will need the benefits of an Infrastructure as a Service so we will use Amazon EC2 to later deploy our final version of the application.

Server Side: nodemon will allow us to automatically restart a running instance of our node app when file changes take place. We decided to use MongoDB because it is a non-relational database which uses the Document Object Model. This allows a lot of flexibility as compared to an RDBMS like SQL which requires a very structural model of data that does not change too much. Another strength of MongoDB is its ease in scalability. We will use Mongoose alongside MongoDB to model our application data. Additionally, we will host our MongoDB cluster remotely on MongoDB Atlas. Bcrypt will be used to encrypt user passwords that will be stored in the DB. This is to avoid the risks of storing plain text passwords. Moreover, we will use Cloudinary to store images uploaded by the user. We will also use the Twilio SendGrid API to enable automated emails sent by our application. To protect private API endpoints, we will use JSON Web Token and Passport. Also, PayPal will be used as a payment gateway to accept payments from users.

Client Side: As mentioned earlier, we will use React to build our SPA. React uses a virtual DOM which is very efficient in rendering a page. Also React will allow us to reuse components. Furthermore, it is very popular and there is a large community that uses React so it can be helpful if we run into issues. We also plan to make a cross platform mobile application later and using React will allow us to reuse a lot of our code with React Native. Redux will be used to manage state. Redux works great with React and will help us manage a global state in the app and avoid the complications of each component having its own state. Additionally, we will use Bootstrap components and custom CSS to style our app.

Other: Git will be used for version control. During the later stages of our project, we will use Google Analytics to collect useful data regarding user interactions. Moreover, Slack will be our primary communication tool. Also, we will use Visual Studio Code as our primary code editor because it is very light weight and has a wide variety of extensions that will boost productivity. Postman will be used to interact with and debug our API endpoints.

Nicolas Theck
Student at RocketPlay | 3 upvotes 63.5K views

We use JavaScript in both our #Frontend and #Backend. Front-End wise, we're using tools like Vue.js, Webpack (for dev & building), pulsejs. For delivering the content, we push to GitLab & use GitLab CI (running on our own Ubuntu machine) to install (with npm) our packages, build the app through Webpack and finally push it to our nginx server via a folder. From there, users accessing the website will get cached content thanks to CloudFlare. Back-End wise, we again use JavaScript with tools such as ExpressJS (http server), Sequelize (database, server running on PostgreSQL) but also JSON Web Token with passport to authenticate our users. Same process used in front-end is used for back-end, we just copy files to a dist where PM2 watches for any change made to the Node.js app. Traffic doesn't go through CloudFlare for upload process reasons but our nginx reverse proxy handles the request (which do go through CloudFlare SSL-wise, since we're using their ns servers with our OVH domain.) Other utils we use are SendGrid for email sending & obviously HTML5 for the base Vue.js app. I hope this article will tell you more about the Tech we use here at RocketPlay :p


JSON Web Token's Features

  • compact
  • self-contained

JSON Web Token Alternatives & Comparisons

What are some alternatives to JSON Web Token?
OAuth2
It is an authorization framework that enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Passport
It is authentication middleware for Node.js. Extremely flexible and modular, it can be unobtrusively dropped in to any Express-based web application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
Spring Security
It is a framework that focuses on providing both authentication and authorization to Java applications. The real power of Spring Security is found in how easily it can be extended to meet custom requirements.
Auth0
A set of unified APIs and tools that instantly enables Single Sign On and user management to all your applications.
Devise
Devise is a flexible authentication solution for Rails based on Warden.

JSON Web Token's Followers
113 developers follow JSON Web Token to keep up with related blogs and decisions.