Digital_Signature

A ( User1 ) can Encrypt the message by its private key then it will only be decrypted by at the Receiver by using User1 Public Key.

JWT

• The client will need to authenticate with the server using the credentials only once.
• During this time the server validates the credentials and returns the client a JSON Web Token(JWT). For all future requests, the client can authenticate itself to the server using this (JWT) and not need again username and password.

Check the steps below:-

1. During the first request, the client sends a POST request with a username and password.
2. Validate the username and password. Generate the JWT using a secret key
3. Upon successful authentication, the server generates the JWT and sends this JWT to the client.
4. This JWT can contain a payload of data. On all subsequent requests, the client sends this JWT token in the header.
5. Using this token the server authenticates the user. don’t need the client to send the username and password to the server each request for authentication.

var token = jwt.sign({id: user._id},secret,{
expiresIn: 86400 // 24hr only

header= req.headers.authorization;
token = header.split(' ')[1] ;
jwt.verify(token.slice(0, token.length-1),secret,(err, decoded)=>{
)};