Sign in
Log inSign up

Why JWT token?

József Pallagi's photo
József Pallagi
·Jul 23, 2020·

1 min read

I'm planning to create a web application. For authentication, I want to use JWT token.

I have read everyone that is safe, but I don't understand why.

Let's say the user login and the server sends back the token. The user wants to see his/ her orders (its a webshop), so the frontend sends a query like

react-my-burger-21f7b.firebaseio.com/order…<TOKEN>&orderBy="userId"&equalTo=<USER_ID>

As the user can see the token in the console network tab He or she can make a query like

https:react-my-burger-21f7b.firebaseio.com/order…<TOKEN>

with this, he can see everyone's orders and even can manipulate this data.