From the course: Extending, Securing, and Dockerizing Spring Boot Microservices

Understanding JWT

- [Instructor] We've seen how to authenticate a user with Spring Security, and we know that we want to restrict certain APIs to users with certain roles, but we also know that RESTful APIs are stateless, meaning that they have no awareness between invocations. So, does that mean that clients must send the username and password to every restricted API? Thankfully, no. There are other ways to have the concept of a session in RESTful APIs. A common method is to invoke an API to authenticate, like our sign-in API, and then return to the client a special encoded string called a token. Then, subsequent client requests add the token to the HTTP header. OAuth is a frequently used implementation of this type of methodology. But since that's already presented in the Spring: Spring Security course in the library, this application will use JSON Web Tokens, also known as JWT or "jot." JSON Web Tokens are encrypted data packets that have the following structure: a header, dot, a payload, dot, and a signature.…
