4 minute read
When I started my study about JWT, I was searching for a smart method to authenticate a request, without querying the database each time to check the applicant reliability. I needed a token or something similar with the ability to validate itself and flexible enough to customize the validation strategy. Imagine for example a web application where a user can login and obtain a “pass” with his name and an expiration time, and this pass will let him ask for resources until the pass expires, and only if the issuer is trusted. Thanks to JWT’s self verification capabilities, I could discard every request where the token is invalid (a fake token not signed by my application) or expired. Beyond this specific use case, JWT can be also useful to securely transmit data to other applications.
