JWT Authentication and user validation

I'm not sure I fully understand the concepts of how a proper JWT authentication must work. I have found an article about JWT authentication where the author says that:

  ..the token is self-contained, so the client just need to resend to the server for each request, and the server just have to check the signature to ensure its validity. No more useless call to database or LDAP.

I'm a little bit concerned about the phrase "No more useless call to database or LDAP".

But how do I check, for example, that the user still exists in the system, or that the user has not been banned and this token has been expired early?

It looks like I definitely need to make a call to the database or LDAP in order to get this information and compare it with the info inside the JWT token. Isn't that so?

alexanoid asked Jan 05 '16 21:01



1 Answer

You are correct that if you MUST check this on every call, you will need to query the database or call the authorization server.

But the point is that JWT tokens should have a short enough lifetime that you should not have to worry about this.

If the token expires every hour, and the user is deleted or banned, he/she will only have access to the APIs for at most another hour (or whatever the token lifetime is). Then the client needs to renew the token and finds out that the user is no longer valid.

Not having to query the database or call a service for each token validation will make your service scale much better. It also removes a single point of failure (auth DB or service down).

MvdD answered Nov 15 '22 11:11
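To make the trade-off in the answer concrete, here is an added example (not from the question, the answer, or any JWT library) in plain Python: a minimal HS256 verifier that checks only the signature and expiry, next to an authorize step that optionally consults a ban list. The signing key, the ban list and the timestamps are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Placeholder signing key for this example (not a real secret).
SECRET = b"constructed-demo-secret"

# Constructed stand-in for the database / LDAP "is this user banned?" lookup.
BANNED_USERS = {"mallory"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub: str, lifetime_s: int, now: int) -> str:
    """Mint an HS256 JWT for user `sub` that expires `lifetime_s` seconds after `now`."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "iat": now, "exp": now + lifetime_s}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, now: int) -> Optional[dict]:
    """Stateless check: pinned algorithm, signature and expiry. No database call."""
    try:
        h, p, s = token.split(".")
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":
            return None
        claims = json.loads(_b64url_decode(p))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    if now >= int(claims.get("exp", 0)):
        return None
    return claims

def authorize(token: str, now: int, check_ban_list: bool) -> bool:
    """check_ban_list=False: a banned user stays in until exp. True: cut off immediately."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    return not (check_ban_list and claims.get("sub") in BANNED_USERS)
```

On the stateless path a banned user holding a one-hour token keeps passing until `exp`; enabling the ban-list check is exactly the per-request lookup the question asks about, traded against the scaling and single-point-of-failure benefits the answer describes.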