I am using Rails API to generate a JWT on user login. Now I need to persist this token. After some reading, I found out that there are two ways of doing this. I can either use local storage or cookies. They both have the problem of XSS and CSRF resp...
JWT (JSON Web Token) seems like the new standard for authentication. JWTs have lots of benefits, but are riskier when compared to HTTP sessions. What's your opinion about JWTs? Would you use them in your application?
From Introduction to JSON Web Tokens: JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trus...
JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for passing claims between parties in a web application environment. The tokens are designed to be compact, URL-safe and usable especially in a web browser single sign-on (SSO) context. JWT claims can typically be used to pass the identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes. The tokens can also be authenticated and encrypted.