JSON Web Tokens
Not Your Grandma's Cookies
Thank Yous:
Cookies and JWT
There are two standard ways to do authentication:
- Cookies (more traditional)
- JWT (pronounced "jot"...?) JSON Web Tokens
- Cookies: Session ID of some kind
- JWT: Encrypted JSON object identifying the user
Some Benefits TO JWT Over Cookies
- Enables CORS
- Stateless
- CDNify your site's assets
- Mobile Ready
- Protects against CSRF (Cross-site request forgery)
- Performance
Cookies In Action
$ git clone https://github.com/kentcdodds/ng-jwt-workshop.git
$ cd ng-jwt-workshop/api
$ git checkout cookie
$ npm install
* Optionally copy user.json to a new user.local.json file and modify to have your own user
$ node index.js
$ open http://localhost:3000
Cookie Pain
127.0.0.1 api.jwtftw.dev127.0.0.1 www.jwtftw.dev
Oh No!
Stop the node server
$ git checkout -f cookie-pain-cors
$ node api/
Phew! No cors error...
Login... Get picture...
Oh No Again!
What? No picture? 403 error? Refresh page! Hey, it logged me out!?!?!?
Reason: Server cannot set cookies across subdomains...
Enter: JWT...
JSON Web Tokens
Thanks!
Please leave me feedback through the app... (Link at the bottom)
but the server's not running there, so don't expect to be able to log in or anything...
Now go build something awesome :-)
Resources
NG-JWT-Workshop
By Kent C. Dodds
NG-JWT-Workshop
A demonstration of why and how to use JSON Web Tokens instead of cookies for Authentication in Web Apps.
- 8,256