https://complete-dope.github.io/codex/tags/authentication/ Recent content in Authentication on Mohit Dulani Hugo -- 0.146.0 en Thu, 06 Mar 2025 00:00:00 +0000 https://complete-dope.github.io/codex/posts/authentication-and-authorization/ Thu, 06 Mar 2025 00:00:00 +0000 https://complete-dope.github.io/codex/posts/authentication-and-authorization/ <h1 id="learning-authentication-and-authorization">Learning Authentication and Authorization</h1> <p>HTTP in itself is stateless that is each request is considered as a seperate new request and with no previous baggage or memory.</p> <p>3 basic terms :</p> <ol> <li>Session</li> <li>JWT</li> <li>Cookies</li> </ol> <p>JWT : JSON web token, 64 bit cryptographic hashed token, has 3 parts seperated by &lsquo;.&rsquo;, those are <code>headers</code>, <code>payload</code>, and <code>server side secret-key</code> , so if anyone tries to change any value in any of the fields the hash will change and will no longer remain valid and our server side secret wont be able to match it (uses minimum resources to validate, only a single secret string that can be stored in env also ) , this JWT can be stored in a cookie, local storage , memory etc</p>