-
|
I would like to hear more about it, not sure when should I being using which one |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
It all starts with JWT structure. Last third part is a token signature, which allows to authorize and authenticate your user identity. You can read more here Interesting things start happen, Whalen your services scale, and more and more different services (it may be not only laravel projects) require user authentication With JWT_SECRET for signing tokens symmetrical cryptography is used, which means the same "password" is used for both signing (issuing) tokens and validating them When using microservices it is recommended to use separate authorization microservice, which is the only one can issue tokens with private key And all the others services has only access to public key only allowing them to validate JWTs All of this makes your architecture more secure by separating levels of responsibility and access between services themselves and persons, who have access to them |
Beta Was this translation helpful? Give feedback.
-
|
Thank u for the answer, I was a little bit confused about when to use it, for some reason my initial thought was to use the public key to read the JWT payload |
Beta Was this translation helpful? Give feedback.
It all starts with JWT structure. Last third part is a token signature, which allows to authorize and authenticate your user identity. You can read more here
Interesting things start happen, Whalen your services scale, and more and more different services (it may be not only laravel projects) require user authentication
With JWT_SECRET for signing tokens symmetrical cryptography is used, which means the same "password" is used for both signing (issuing) tokens and validating them
And certificates are using asymmetrical cryptography, which using separate private and public keys for signing and validating tokens respectively
When using microservices it is recommended to use separate authori…