Digital_Signature
A sender (User1) can encrypt the message with its private key; the receiver can then decrypt it only by using User1's public key.
JWT
- The client will need to authenticate with the server using the credentials only once.
- During this time the server validates the credentials and returns a JSON Web Token (JWT) to the client. For all future requests, the client authenticates itself to the server with this JWT and does not need to send the username and password again.
The steps are:
- During the first request, the client sends a POST request with a username and password.
- The server validates the username and password, then generates the JWT using a secret key.
- Upon successful authentication, the server generates the JWT and sends this JWT to the client.
- This JWT can contain a payload of data. On all subsequent requests, the client sends this JWT token in the header.
- Using this token, the server authenticates the user, so the client does not need to send the username and password to the server on each request.
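```javascript
const jwt = require('jsonwebtoken');
// On login: issue a token once the credentials have been validated
var token = jwt.sign({id: user._id}, secret, {
  expiresIn: 86400 // 24hr only
});

// On later requests: read the token from "Authorization: Bearer <token>"
var header = req.headers.authorization;
var token = header.split(' ')[1];
jwt.verify(token, secret, (err, decoded) => {
  // err is set if the signature is invalid or the token has expired
});
```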