Stateless авторизация с использованием JWT

Abstract

A lot of web-developers have or will encounter the problem of authorization in their projects. Classic authorization scheme involves generating a random string (named token), then storing it with a set of attached privileges. But this approach requires a centralized storage for tokens, which all of project’s computing systems will be accessing. In the process of project’s growth, sooner or later, this centralized storage will no longer be able of dealing with the given amount of tokens and will require a serious upgrade. However, there are authorization solutions that don’t require storing a generated token out there. We are going to take a look at the one that is open standard and is represented as a simple JSON object. An important aspect of this solution is that it also doesn’t require a very powerful machine to process even hundreds of thousands requests per second.