I updated this article on May 3rd with a better way to deal with refresh tokens and to accommodate an update of the JWT package.

This week I was improving the backend of an app of our company. It used basic authentication to authenticate users against the database. Because we were implementing multifactor authentication, it needed to be improved. At the same time the server response wasn’t that fast.

I figured JSON Web Tokens would solve that problem, while simultaneously solving a minor security concern with basic authentication. While all traffic is done over SSL, the password is still sent over the network, risking a MITM attack. …

Maurits de Ruiter