Token Based Authentication
Token-based authentication lets a user verify their identity with credentials once; the server then returns either an opaque access token (usually carried in an `Authorization: Bearer` header) or a self-contained signed token such as a JWT. As long as the token is valid, the user can access the web page or API without sending credentials again. The token is stored on the client side.
Client -> Sends login credentials -> Server
Client <- Server authenticates the credentials and returns a token (an opaque bearer token or a signed JWT)
Client stores the token in local storage or a cookie (local storage is readable by any script on the page, so an XSS bug leaks the token; a cookie should be HttpOnly and SameSite)
Client makes requests to the server and attaches the token, normally in the `Authorization: Bearer <token>` header, occasionally as a POST request parameter
Client -> Server validates the token (for a JWT: checks the signature and expiry; for an opaque token: looks it up server side) and, if it is valid, returns the requested data
When the user logs out the token is destroyed; every token should also carry a validity period (expiry). Note that a signed token such as a JWT stays verifiable until it expires, so "destroying" it on logout only works if the server keeps a revocation list or the token is short-lived
Tokens are like time-stamped tickets: as long as the token is valid, the user is allowed to perform operations
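The whole flow above, issue, present, validate, expire and revoke on logout, as an added worked example that is not part of the original page. It builds and verifies an HS256 JWT with only the standard library; the secret, the 15-minute lifetime, the in-memory revocation set and the `handle_request` endpoint are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo secret: in practice load it from a secrets store, never hard-code it.
SECRET = b"demo-secret-do-not-use-in-production"
TOKEN_TTL_SECONDS = 900  # validity period: 15 minutes

# Constructed server-side denylist of logged-out token ids (jti). A signed token
# verifies fine until "exp", so logout must be recorded here to take effect.
revoked_jti = set()


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, now=None) -> str:
    """Server side: after the credentials check out, mint a signed HS256 JWT."""
    now = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "sub": username,
        "iat": now,
        "exp": now + TOKEN_TTL_SECONDS,
        "jti": secrets.token_hex(8),  # random id so the token can be revoked later
    }
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_token(token: str, now=None):
    """Server side: return the claims if the token is authentic, unexpired and
    not revoked; otherwise return None."""
    now = now if now is not None else time.time()
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    # Pin the algorithm: never trust the header's "alg" (rejects alg=none and key confusion).
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        return None
    if payload.get("jti") in revoked_jti:
        return None
    return payload


def logout(token: str, now=None) -> None:
    """Server side: revoke a valid token's id so it is rejected until it would expire anyway."""
    claims = verify_token(token, now)
    if claims is not None:
        revoked_jti.add(claims["jti"])


def bearer_header(token: str) -> dict:
    """Client side: attach the stored token to an outgoing request."""
    return {"Authorization": f"Bearer {token}"}


def handle_request(headers: dict, now=None):
    """Server side: a constructed protected endpoint gated on the Bearer token."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, "missing bearer token"
    claims = verify_token(token, now)
    if claims is None:
        return 401, "invalid, expired or revoked token"
    return 200, f"hello {claims['sub']}"


if __name__ == "__main__":
    tok = issue_token("alice")
    print(handle_request(bearer_header(tok)))                                    # 200
    print(handle_request(bearer_header(tok), now=time.time() + TOKEN_TTL_SECONDS + 1))  # 401, expired
    logout(tok)
    print(handle_request(bearer_header(tok)))                                    # 401, revoked
```

`verify_token` takes an explicit `now` so expiry can be tested deterministically; `issue_token` sets `iat`/`exp` with the same clock. Because the token is self-contained, nothing about the user is looked up on each request, which is exactly why the revocation set is needed for logout to mean anything before `exp`.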