Let me simplify JWT, SSO and OAuth

Shobhit Srivastava
3 min read · Jul 16, 2023


“The biggest risk is not taking any risk… In a world that is changing quickly, the only strategy that is guaranteed to fail is not taking risks.” — Mark Zuckerberg

Pexels image by Tracy

Let me tell you an interesting thing: without the three technologies in the title, signing up for and logging in to websites would be far more irritating and annoying than it is today.

Imagine logging in to a website, sending one request, and then having to log in again with your username and password for the next request. That would be a hell of a ride, wouldn't it? That is where JWT comes into the picture.

When you log in to a system for the first time from a client, let's say a browser, the request goes to the server. The server verifies the username and password and, in its response, sends you a token. The client attaches that token to the next request and to every one after that, and the server checks the token instead of the password each time.

When that token is in one particular format, a base64url-encoded JSON header and payload followed by a signature (`header.payload.signature`), we call it a JWT, a JSON Web Token. The server does not trust the token because it looks right: it recomputes the signature with its own key, refuses any `alg` value it did not expect, and checks the expiry (`exp`) claim before honouring the request. Not every session token is a JWT, though. A random opaque session ID that the server looks up in its own store does the same job, and the server can revoke it at any time, which it cannot do with a self-contained JWT before the token expires.

There is an interesting relation between JWT and SSO, which stands for Single Sign-On. Let me explain this with a simple example. You must have signed in to your Google account, right? That one account gives you access to various tools like YouTube, YouTube Music, Gmail, Google Sheets and so on. After signing in, if you want to open YouTube, Google doesn't ask you to sign in again. How does that happen? That is what SSO is all about: by signing in to your Google ecosystem/account once, you get access to all the tools that come under that ecosystem, YouTube included.

What happens in the backend is roughly this. One central identity provider (for Google, the accounts sign-in service) holds your login session. When you open an application like YouTube, it sends you to that identity provider; because you already have a session there, the provider issues a token for that application without showing you the sign-in form, and sends you back. The exact internals of Google's own apps aren't published, but this is the pattern OpenID Connect standardises, and there the token is a JWT. Note that it is not one token reused everywhere: each application gets a token whose audience (`aud`) claim names that application, and an application must reject a token minted for a different one, otherwise a token stolen from the least sensitive app would work against all of them.
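To make the token part concrete, here is an added example (not code from the original article) that plays both roles described above: the identity provider mints an HS256 JWT once the password check has passed, and each application verifies it before serving a request. The shared key, the issuer URL `https://idp.example` and the app names `youtube`/`gmail` are all assumptions constructed for the demo. It also shows the checks a practitioner cares about: a token for one app is rejected by another (the SSO audience rule), a payload edited without the key fails the signature, an `alg: none` header is refused, and an expired token is refused.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed shared HS256 key between the identity provider and its apps (constructed for this example).
SECRET = b"example-hs256-key-do-not-reuse"
ISSUER = "https://idp.example"  # hypothetical identity provider


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(sub: str, aud: str, ttl: int = 900, now=None) -> str:
    """Issue a short-lived HS256 JWT for one application after the password check passed."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "sub": sub, "aud": aud, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_jwt(token: str, expected_aud: str, now=None) -> dict:
    """Return the claims only if alg, signature, issuer, audience and expiry all check out."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # refuses alg=none and algorithm-confusion tricks
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != expected_aud:
        raise ValueError("wrong audience")  # a token minted for YouTube is useless at Gmail
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims


def check(token: str, expected_aud: str, now=None) -> str:
    """Convenience wrapper: 'ok' or the reason the token was rejected."""
    try:
        verify_jwt(token, expected_aud, now)
        return "ok"
    except ValueError as err:
        return str(err)


def tamper(token: str, **changes) -> str:
    """What an attacker can do without the key: rewrite claims but keep the old signature."""
    h64, p64, s64 = token.split(".")
    claims = json.loads(b64url_decode(p64))
    claims.update(changes)
    return ".".join([h64, b64url(json.dumps(claims, separators=(",", ":")).encode()), s64])


if __name__ == "__main__":
    t0 = 1_700_000_000
    youtube = mint_jwt("alice", "youtube", now=t0)  # minted once at sign-in
    gmail = mint_jwt("alice", "gmail", now=t0)      # second app, no new password prompt
    print(check(youtube, "youtube", now=t0 + 10))   # ok
    print(check(gmail, "gmail", now=t0 + 10))       # ok
    print(check(youtube, "gmail", now=t0 + 10))     # wrong audience
    print(check(tamper(youtube, sub="admin"), "youtube", now=t0 + 10))  # bad signature
    print(check(youtube, "youtube", now=t0 + 900))  # expired
```

The `now` parameter exists only so the expiry check is reproducible; drop it in real code. A real deployment would also use an asymmetric algorithm (RS256/ES256) so that applications can verify tokens with a public key and never hold the signing key.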

OAuth stands for Open Authorization. Let's imagine you are visiting a website like GeeksforGeeks. In the login box you must have seen options to sign in through your Google or Facebook account instead of creating a username and password for the site.

geeksforgeeks login page

After clicking the Google/Facebook button, a popup or redirect appears asking you to allow GeeksforGeeks to access some of your Google account info, like your name and email address. If you click Allow, Google issues an access token to GeeksforGeeks, which GeeksforGeeks can use to fetch that profile information from Google's API on your behalf. GeeksforGeeks then creates its own login session for you, so your future calls to the GeeksforGeeks website go through that session, not through the Google token. This is what OAuth is all about: letting GFG obtain limited, user-approved access to your data held by a third party (Google) without ever seeing your Google password.

You know what the interesting part is? With one correction: OAuth itself does not say what an access token looks like, and Google's access tokens are opaque strings that only Google's servers can interpret. What GeeksforGeeks actually uses to learn who you are is the ID token from OpenID Connect, the identity layer built on top of OAuth, and that ID token is a JWT. Before trusting the identity inside it, GeeksforGeeks verifies its signature against Google's published keys and checks that its `aud` claim names GFG's own client ID.

That's all from this article. In the next series of articles I will explain these tools one by one. Do share any doubts in the comments down below.

If this article has benefited you in any way, please do support me here: https://www.buymeacoffee.com/shobhitsri

Cheers! :)



Shobhit Srivastava

Software Developer | My areas of interest are: Software Development, OpenSource, Startups, Innovation