JWT: Part 2 – In the wild


JSON Web Tokens are used everywhere. Microsoft uses them as access tokens for their entire Authentication platform and their Graph API. Google uses them in their applications both in the Login with Google system and in their apis. Use existing tokens or generate own? If you start with a new application you should decide if you want to invest in setting up your own token server or use an existing...

JWT: Part 1 – Introduction


What exactly is a Json Web Token? I like to describe them as an easy way to digitally sign some json data about a user, that can then be used as an access token for some kind of api. Check out JSON Web Token on wikepedia for an exact description.I really like JWTs because they are verifiable without an additional call to some identity server. They are short-lived by default (at least should be)...

Recent posts