Home > Net >  Secure login with Jwt or oAuth?
Secure login with Jwt or oAuth?

Time:02-10

I have a e eCommerce App and want to use a login/token that is Full secure. Is Jwt enough for 10k User or should I Use oAuth? Oauth ja expensive 1.5k dollar for 10k monthly active users

CodePudding user response:

Yes Json web token(jwt) is enough! But be mindful of which data you send through the token because it can be decoded.

The only thing that make jwt secure is the signature.

Also never expose your Secret key in your source code always use environment variable while in development

CodePudding user response:

OAuth and JWT can't be compared as these are two completely different things.

OAuth is the standard for authorizing users. It gives you flows that your app can use to get authorization in order to access a user's resources.

JWT is a format for a token. JWTs can be used as access tokens, but they can be used for other things as well. Also, access tokens don't have to be in the form of a JWT.

In short - OAuth will tell you how to get an access token, and JWT is just one format of the token that you can obtain using an OAuth flow.

OAuth can also be further extended with OpenID Connect, which is used for authenticating users.

The answer to "should I use OAuth" is of course never concrete. It all depends on the setup of your application. If you have just your own backend and you are looking for ways of securing it with user accounts, then you don't need OAuth, you just need sessions and secure features for logging in users (maybe two-factor authentication). If you have a separate application on your front end and an API, then using OAuth flows will grant you standard ways of obtaining access tokens.

As for JWTs, you should use them only if you see a valid use case for that. If you don't need to pass information in a token directly to your APIs, then you don't need the JWT, you'll be fine with any random-string token.

Oauth ja expensive 1.5k dollar for 10k monthly active users

I don't understand this part. What do you mean that OAuth is expensive? OAuth is a standard and it's free to use. If you mean that paying for an OAuth server is expensive then this of course depends on the vendor. There are many different OAuth vendors out there, and there are also free solutions (either where you have to code some things yourself, like the Spring Security Server, or complete products like Keycloak or the Curity Identity Server's Community Edition.

Page link:https//www.codepudding.com/net/295155.html

Prev:React Native/Redux State not updating after making API Call
Next:Component still rendering after unmount?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding