Should I use JWTs for authentication tokens?

JWTs (JSON Web Tokens) are a standard for authenticated tokens consisting of a header, a payload, and a signature. They are designed mainly for high-scale environments like Google or Facebook; the core benefit is that the recipient doesn’t need to connect to the user database to verify a token’s authenticity. In this setup the refresh token, not the authentication token, serves as the real session token. For smaller deployments, a “normal” opaque session token stored in the database is more beneficial, as it reduces complexity and eliminates the need for workarounds. The key is to focus on what works best for your specific needs rather than blindly following trends.

https://blog.ploetzli.ch/2024/should-i-use-jwt-for-authentication/
