by eranation
3031 days ago
These are three different things.

Cookies: a storage mechanism. If you use simple cookies (session GUID) for authentication, you must maintain state in some persistent storage to tell if a session ID is valid or not. httpOnly, secure cookies and CSRF protection are also required.

JWT: a digitally signed document containing claims about a user. Can be stored in a cookie or in localStorage or in your mobile app’s memory/temp storage. You can be stateless as the validity of the token is protected by its digital signature.

OAuth: a protocol for authorization. Can embed the authorization claims in a JWT token among other ways.
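The stateful/stateless contrast in the comment above, as an added example that is not part of the original comment: an opaque session ID that is only valid while the server's store knows it, next to an HS256-signed JWT that is validated from the signature alone. The key, user names, lifetimes and the in-memory `SESSIONS` store are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo values: key, user names and lifetimes are assumptions.
SECRET = secrets.token_bytes(32)
SESSIONS = {}  # server-side state required by the opaque-cookie model


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_session(user: str) -> str:
    """Stateful: the cookie value is a random ID that means nothing alone."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"sub": user, "exp": time.time() + 3600}
    return sid


def check_session(sid: str):
    rec = SESSIONS.get(sid)
    return rec["sub"] if rec and rec["exp"] > time.time() else None


def issue_jwt(user: str, ttl: int = 3600) -> str:
    """Stateless: claims travel in the token, protected by HMAC-SHA256."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_jwt(token: str):
    try:
        header, payload, sig = token.split(".")
        # Pin the algorithm: never let the token's own header choose it.
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(payload))
    except (ValueError, TypeError, AttributeError):
        return None
    return claims["sub"] if claims.get("exp", 0) > time.time() else None
```

Deleting the entry from `SESSIONS` ends a session immediately, whereas the signed token stays valid until its `exp` unless the server adds state such as a deny-list.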