Table of contents
What are Access Tokens?
Online systems usually give different levels of access to different groups of people. To get access to the system, a user has to provide special information. E.g. Username/password combo.
This is information that only they possess. Once a user gains access to a system, most systems return a short-lived token that the user or system can use for subsequent requests. This helps establish a session between the system and the user.
This token is known as an Access Token and exists in many forms.
The structure of the token depends on how and what the system needs to verify a user within the session period.
These tokens are mostly passed in the header of an HTTP [↗] request.
What is JWT?
A JSON Web Token JWT [↗] is an example of an Access Token.
Once a user authenticates against a server, they are provided an alphanumeric string that looks something like this:
$ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5cThis string can be decoded by anyone and contains information that the server needs to verify a user. E.g.
01: {02: "alg": "HS256",03: "typ": "JWT",04: "sub": "1234567890",05: "name": "John Doe",06: "iat": 151623902207: }Although anyone can decode the contents of a JWT string, only the server can generate a valid one.
This makes it safe even if the JWT token gets leaked. Authentication is usually required when the token is not used for a long time or expires, so the user will have to re-authenticate.
What is a Bearer Token?
A bearer token is an Access Token passed to a server using the HTTP Authorization header.
It typically looks something like this:
01: Authorization: Bearer token123The actual token within a Bearer Token can be any series of characters that the server can decode. This means a JWT string can be passed as Bearer Token.
Bearer tokens are mostly used in OAuth [↗] authentications.
Here is another article you might like 😊 What is An Asynchronous (Async) API?
