What is JSON Web Token?
Who uses JSON Web Token?
Here are some stack decisions, common use cases and reviews by companies and developers who chose JSON Web Token in their tech stack.
I am going to build a backend which will serve my React site. It will need to interact with a PostgreSQL database where it will store and read users and create and use JSON Web Token for authenticating HTTP requests. I know EF Core has good migration tooling; can Go provide the same or better? I am a one-man team and I'll be hosting this either on Heroku or DigitalOcean.
Overview: To put it simply, we plan to use the MERN stack to build our web application. MongoDB will be used as our primary database. We will use ExpressJS alongside Node.js to set up our API endpoints. Additionally, we plan to use React to build our SPA on the client side and use Redis on the server side as our primary caching solution. Initially, while working on the project, we plan to deploy our server and client both on Heroku. However, Heroku is very limited and we will need the benefits of an Infrastructure as a Service so we will use Amazon EC2 to later deploy our final version of the application.
Server Side: nodemon will allow us to automatically restart a running instance of our Node app when file changes take place. We decided to use MongoDB because it is a non-relational database which uses the Document Object Model. This allows a lot of flexibility as compared to an RDBMS like SQL which requires a very structural model of data that does not change too much. Another strength of MongoDB is its ease in scalability. We will use Mongoose alongside MongoDB to model our application data. Additionally, we will host our MongoDB cluster remotely on MongoDB Atlas. Bcrypt will be used to encrypt user passwords that will be stored in the DB. This is to avoid the risks of storing plain text passwords. Moreover, we will use Cloudinary to store images uploaded by the user. We will also use the Twilio SendGrid API to enable automated emails sent by our application. To protect private API endpoints, we will use JSON Web Token and Passport. Also, PayPal will be used as a payment gateway to accept payments from users.
Client Side: As mentioned earlier, we will use React to build our SPA. React uses a virtual DOM which is very efficient in rendering a page. Also, React will allow us to reuse components. Furthermore, it is very popular and there is a large community that uses React so it can be helpful if we run into issues. We also plan to make a cross-platform mobile application later and using React will allow us to reuse a lot of our code with React Native. Redux will be used to manage state. Redux works great with React and will help us manage a global state in the app and avoid the complications of each component having its own state. Additionally, we will use Bootstrap components and custom CSS to style our app.
Other: Git will be used for version control. During the later stages of our project, we will use Google Analytics to collect useful data regarding user interactions. Moreover, Slack will be our primary communication tool. Also, we will use Visual Studio Code as our primary code editor because it is very lightweight and has a wide variety of extensions that will boost productivity. Postman will be used to interact with and debug our API endpoints.
Our whole Node.js backend stack consists of the following tools:
- Lerna as a tool for multi package and multi repository management
- npm as package manager
- NestJS as Node.js framework
- TypeScript as programming language
- ExpressJS as web server
- Swagger UI for visualizing and interacting with the API’s resources
- Postman as a tool for API development
- TypeORM as object relational mapping layer
- JSON Web Token for access token management
The main reason we have chosen Node.js over PHP is related to the following artifacts:
- Flexibility: Node.js sets very few strict dependencies, rules and guidelines and thus grants a high degree of flexibility in application development. There are no strict conventions so that the appropriate architecture, design structures, modules and features can be freely selected for the development.
I have just started learning Python 3 week back. I want to create a REST API using Python. The API will be used to save form data in an Oracle database. The front end is using AngularJS 8 with Angular Material. In Python there are so many frameworks for developing REST. I am looking for some suggestions on which REST framework to choose.
Here are some features I am looking for:
- Easy integration and unit testing, like in Angular where we just run a command.
- Code packaging, like in a Java Maven project where we can build and package. I am looking for something which I can push to Artifactory and deploy the whole code as a package.
- Support for Swagger/OpenAPI
- Support for JSON Web Token
- Support for test case coverage reports
The framework can have the features included or they can be available by extension.
I really want to know: what are the problems that JSON Web Token solves that Sessions can't? JWT is actually more vulnerable when it comes to security. And what do other companies like Facebook or even Airbnb use to secure their API endpoints (I'm talking about GraphQL here)?
JSON Web Token's Features