JSON Web Token logo

JSON Web Token

A JSON-based open standard for creating access tokens
656
363
+ 1
0

What is JSON Web Token?

JSON Web Token is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
JSON Web Token is a tool in the User Management and Authentication category of a tech stack.
JSON Web Token is an open source tool with 3.6K GitHub stars and 375 GitHub forks. Here’s a link to JSON Web Token's open source repository on GitHub

Who uses JSON Web Token?

Companies
98 companies reportedly use JSON Web Token in their tech stacks, including Front-end, Biting Bit, and Foretag.

Developers
301 developers on StackShare have stated that they use JSON Web Token.

JSON Web Token Integrations

Passport, OpenID Connect, Django REST framework JWT, DNN, and Arengu are some of the popular tools that integrate with JSON Web Token. Here's a list of all 5 tools that integrate with JSON Web Token.
Decisions about JSON Web Token

Here are some stack decisions, common use cases and reviews by companies and developers who chose JSON Web Token in their tech stack.

Needs advice
on
ASP.NET CoreASP.NET Core
and
GolangGolang

I am going to build a backend which will serve my React site. It will need to interact with a PostgreSQL database where it will store and read users and create and use JSON Web Token for authenticating HTTP requests. I know EF core has good migration tooling, can Go provide the same or better? I am a one man team and I'll be hosting this either on Heroku or DigitalOcean.

See more
Simon Reymann
Senior Fullstack Developer at QUANTUSflow Software GmbH · | 27 upvotes · 4.9M views

Our whole Node.js backend stack consists of the following tools:

  • Lerna as a tool for multi package and multi repository management
  • npm as package manager
  • NestJS as Node.js framework
  • TypeScript as programming language
  • ExpressJS as web server
  • Swagger UI for visualizing and interacting with the API’s resources
  • Postman as a tool for API development
  • TypeORM as object relational mapping layer
  • JSON Web Token for access token management

The main reason we have chosen Node.js over PHP is related to the following artifacts:

  • Made for the web and widely in use: Node.js is a software platform for developing server-side network services. Well-known projects that rely on Node.js include the blogging software Ghost, the project management tool Trello and the operating system WebOS. Node.js requires the JavaScript runtime environment V8, which was specially developed by Google for the popular Chrome browser. This guarantees a very resource-saving architecture, which qualifies Node.js especially for the operation of a web server. Ryan Dahl, the developer of Node.js, released the first stable version on May 27, 2009. He developed Node.js out of dissatisfaction with the possibilities that JavaScript offered at the time. The basic functionality of Node.js has been mapped with JavaScript since the first version, which can be expanded with a large number of different modules. The current package managers (npm or Yarn) for Node.js know more than 1,000,000 of these modules.
  • Fast server-side solutions: Node.js adopts the JavaScript "event-loop" to create non-blocking I/O applications that conveniently serve simultaneous events. With the standard available asynchronous processing within JavaScript/TypeScript, highly scalable, server-side solutions can be realized. The efficient use of the CPU and the RAM is maximized and more simultaneous requests can be processed than with conventional multi-thread servers.
  • A language along the entire stack: Widely used frameworks such as React or AngularJS or Vue.js, which we prefer, are written in JavaScript/TypeScript. If Node.js is now used on the server side, you can use all the advantages of a uniform script language throughout the entire application development. The same language in the back- and frontend simplifies the maintenance of the application and also the coordination within the development team.
  • Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.
See more
Saurav Pandit
Application Devloper at Bny Mellon · | 9 upvotes · 312.2K views

I have just started learning Python 3 week back. I want to create REST api using python. The api will be use to save form data in Oracle database. The front end is using AngularJS 8 with Angular Material. In python there are so many framework for developing REST ** I am looking for some suggestions which REST framework to choose? ** Here are some feature I am looking for * Easy integration and unit testing like in Angular we just run command. * Code packageing, like in Java maven project we can build and package. I am looking for something which I can push in artifactory and deploy whole code as package. *Support for swagger/ OpenAPI * Support for JSON Web Token * Support for testcase coverage report Framework can have feature included or can be available by extension.

See more
Wassim Ben Jdida
Needs advice
on
Google ChromeGoogle Chrome
and
JSON Web TokenJSON Web Token

I really want to know, what are the problems that JSON Web Token solves that Sessions can't. JWT is actually more vulnerable when it comes to security. And what do other companies like Facebook or even Airbnb use to secure their API endpoint (I'm talking about GraphQL here).

Thanks!

See more
Shared insights
at

Repost

Overview: To put it simply, we plan to use the MERN stack to build our web application. MongoDB will be used as our primary database. We will use ExpressJS alongside Node.js to set up our API endpoints. Additionally, we plan to use React to build our SPA on the client side and use Redis on the server side as our primary caching solution. Initially, while working on the project, we plan to deploy our server and client both on Heroku . However, Heroku is very limited and we will need the benefits of an Infrastructure as a Service so we will use Amazon EC2 to later deploy our final version of the application.

Serverside: nodemon will allow us to automatically restart a running instance of our node app when files changes take place. We decided to use MongoDB because it is a non relational database which uses the Document Object Model. This allows a lot of flexibility as compared to a RDMS like SQL which requires a very structural model of data that does not change too much. Another strength of MongoDB is its ease in scalability. We will use Mongoose along side MongoDB to model our application data. Additionally, we will host our MongoDB cluster remotely on MongoDB Atlas. Bcrypt will be used to encrypt user passwords that will be stored in the DB. This is to avoid the risks of storing plain text passwords. Moreover, we will use Cloudinary to store images uploaded by the user. We will also use the Twilio SendGrid API to enable automated emails sent by our application. To protect private API endpoints, we will use JSON Web Token and Passport. Also, PayPal will be used as a payment gateway to accept payments from users.

Client Side: As mentioned earlier, we will use React to build our SPA. React uses a virtual DOM which is very efficient in rendering a page. Also React will allow us to reuse components. Furthermore, it is very popular and there is a large community that uses React so it can be helpful if we run into issues. We also plan to make a cross platform mobile application later and using React will allow us to reuse a lot of our code with React Native. Redux will be used to manage state. Redux works great with React and will help us manage a global state in the app and avoid the complications of each component having its own state. Additionally, we will use Bootstrap components and custom CSS to style our app.

Other: Git will be used for version control. During the later stages of our project, we will use Google Analytics to collect useful data regarding user interactions. Moreover, Slack will be our primary communication tool. Also, we will use Visual Studio Code as our primary code editor because it is very light weight and has a wide variety of extensions that will boost productivity. Postman will be used to interact with and debug our API endpoints.

See more

JSON Web Token's Features

  • compact
  • self-contained

JSON Web Token Alternatives & Comparisons

What are some alternatives to JSON Web Token?
OAuth2
It is an authorization framework that enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Passport
It is authentication middleware for Node.js. Extremely flexible and modular, It can be unobtrusively dropped in to any Express-based web application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
Spring Security
It is a framework that focuses on providing both authentication and authorization to Java applications. The real power of Spring Security is found in how easily it can be extended to meet custom requirements.
JavaScript
JavaScript is most known as the scripting language for Web pages, but used in many non-browser environments as well such as node.js or Apache CouchDB. It is a prototype-based, multi-paradigm scripting language that is dynamic,and supports object-oriented, imperative, and functional programming styles.
Git
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
See all alternatives

JSON Web Token's Followers
363 developers follow JSON Web Token to keep up with related blogs and decisions.