I have read quite a few blogs explaining how they used JWT for authentication.
Personally, I go for OAuth 2.0 for my APIs.
To my understanding, JWT should only be used for microservice apps using Single Sign-On, where the authentication server encrypts the user info as a payload which could then be passed down to other microservices. But using JWT for authentication seems like an increasing trend these days, even with monoliths. I don't quite understand the rationale behind that though.
Brought that up in this thread hoping to find some answers :)
I've been researching this a lot lately as I'm working on some API templates. Here's what I've learned so far.
JWT can be used with OAuth or without. They are not really competing tech. The biggest benefit of JWT is it can prevent database queries to check the user's access and permissions since it contains that info in the request.