JWT on AI VOID

Chapter 5: User Management: Authentication & Authorization (JWT)

Thu, 08 Jan 2026 00:00:00 +0000

Chapter 5: User Management: Authentication & Authorization (JWT)

Welcome to Chapter 5! In this crucial phase of our journey, we’ll dive deep into securing our application by implementing robust user authentication and authorization. This involves enabling users to register for an account, log in, and then access protected resources based on their authenticated status. We’ll leverage JSON Web Tokens (JWT) as our primary mechanism for stateless authentication, a cornerstone of modern API security.

Chapter 8: Authentication & Authorization: Token Management and Guards

Wed, 11 Feb 2026 00:00:00 +0000

Introduction

Welcome to Chapter 8! In the exciting world of web applications, knowing who a user is (authentication) and what they’re allowed to do (authorization) is paramount. Without these, your application is an open book, vulnerable to unauthorized access and data breaches. This chapter dives deep into implementing robust authentication and authorization mechanisms in your modern Angular v20.x standalone application.

We’ll move beyond simple login forms to understand the lifecycle of JSON Web Tokens (JWTs), how to securely manage them, and how to gracefully handle token expiration with silent refresh flows. You’ll learn how to safeguard your application’s routes using functional Angular Route Guards and implement granular, role-based access control. By the end of this chapter, you’ll have a solid understanding of how to build a secure, enterprise-grade authentication system that provides a seamless user experience.

Chapter 8: Session Management & Token-Based Attacks

Sun, 04 Jan 2026 00:00:00 +0000

Introduction to Session Management & Token-Based Attacks

Welcome back, future security expert! In the previous chapters, we laid the groundwork for understanding web application vulnerabilities and basic authentication. Now, it’s time to elevate our game and tackle one of the most critical aspects of web security: how applications maintain state and identify users across multiple requests. This is where session management and token-based authentication come into play.

Think of a session as your temporary identity card for a website after you log in. The way this “card” is issued, stored, and verified is paramount to security. A flaw here can lead to an attacker impersonating you, accessing your data, or even taking over your account entirely. We’ll explore various session mechanisms, from traditional session IDs to modern JSON Web Tokens (JWTs), dissecting their vulnerabilities, and, most importantly, learning how to defend against sophisticated attacks.

Chapter 15: Securing Your API with Spring Security 6

Thu, 04 Dec 2025 00:00:00 +0000

Chapter 15: Securing Your API with Spring Security 6

Welcome to Chapter 15! In this crucial chapter, we’re going to elevate the “Basic To-Do List Application” you’ve been building by implementing robust security measures. A production-ready application, especially one exposing an API, absolutely requires authentication and authorization to protect its resources from unauthorized access and malicious activity.

We will integrate Spring Security 6, the latest iteration of the powerful security framework for Spring applications, to secure our To-Do API. This involves setting up user authentication using JSON Web Tokens (JWT) for stateless API communication and defining authorization rules to control access to specific endpoints based on user roles. By the end of this chapter, you will have a fully secured To-Do List API, where users must log in to obtain a token, and then use that token to interact with their To-Do items.

How JWT Authentication Works: Deep Dive into Internals

Wed, 21 Jan 2026 00:00:00 +0000

Introduction

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. It has become a cornerstone of modern web authentication and authorization, particularly in the realm of stateless APIs, microservices, and mobile applications. JWTs enable secure and efficient communication by allowing servers to verify the authenticity and integrity of client requests without needing to store any session-specific information on their end.

Chapter 4: Basic User Authentication with JWT

Wed, 20 Aug 2025 00:00:00 +0000

Before users can chat, we need to know who they are. This chapter focuses on implementing a basic user authentication system using JSON Web Tokens (JWT) in FastAPI. JWTs are a common, secure way to transmit information between parties as a JSON object, ideal for stateless authentication in APIs.

Purpose of this Chapter

By the end of this chapter, you will:

Understand what JWTs are and why they are used for authentication.
Set up libraries for password hashing and JWT generation.
Implement user creation and login endpoints.
Create a dependency to protect FastAPI routes with JWT.

Concepts Explained: JWT and Hashing

JSON Web Tokens (JWT)

A JWT is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object and are digitally signed using a secret (with HMAC algorithm) or a public/private key pair (with RSA or ECDSA).