Authentication

In my years as a developer I have used several authentication tools. Here we are going to briefly explain some of them.

The auth process

JSON Web Token (JWT)

Structure

JWT Signature Algorithms

JWT Issues

Summary:

- Use a symmetric digital signature algorithm only if your service is internal.
- Use an asymmetric digital signature algorithm if your API is public.
- In the process of verifying the token, CHECK the algorithm type to avoid the security issue explained below.

Platform-Agnostic SEcurity TOkens (PASETO)

PASETO structure