Token-Based Authentication for Web Apps

Authentication is the process of determining whether a user or entity is who he/she claims to be. Authorization helps confirm the identity of a user through session cookies that rely on session IDs that are stored on the server. Hence, developers are forced to either create session storage that is unique to each & every server or implement an entirely separate layer for session storage.

The rise of Single Page Applications (SPAs) and decoupling of the front-end from the
back-end is in full force. Frameworks like Angular, React, and Vue allow developers to build bigger, better, and more performant single page applications than ever before. Token-based authentication goes hand-in-hand with these frameworks.

Token-based authentication has gained prevalence over the past few years due to the rise of SPAs, web APIs, and the Internet of Things (IoT).

Token authentication (or token-based authentication) is one of the core elements of scalable identity and authorization management. Token authentication is stateless, secure, mobile-ready, and designed to grow with your user base without adding additional strain on your servers.

When we talk about authentication with tokens, we generally talk about authentication with JSON Web Tokens (JWTs). While there are different ways to implement tokens, JWTs have become the de-facto standard. With this context in mind, the rest of the article will use tokens and JWTs interchangeably.

Token-based authentication is stateless. The server does not keep a record of which users are logged in or which JWTs have been issued. Instead, every request to the server is accompanied by a token which the server uses to verify the authenticity of the request. The token is generally se