Syed Ayesha Bebe

Reputation: 1448

How is a token generated with the help of a secret key?

In token-based authentication the user is to validate himself or herself through some form of validation in the form of a username and password. The server needs to validate the user credentials. Once the server validates the user credentials, the server will issue a signed token to the user. Here the server can make use of the secret to generate a token. I am giving a secret key in some config.js file

module.exports = {
    'secretKey': '12345-67890-09876-54321',
    'mongoUrl' : 'mongodb://localhost:27017/conFusion'
}

So what I want to know is how a server can make use of this secret key to create and verify JSON web tokens...

Upvotes: 0

Views: 862

Answers (1)

boehm_s

Reputation: 5564

There are many articles about JWT and how they work, so I'll skip this part because I don't want to just paste an entire article.

The benefit of JWT is that you can put data in it (generally information about your user). Doing so, you won't have to query your DB to authenticate them, and it will result in faster response times for your API / service.

Because you put information into your token (potentially sensitive data, or even just mail and name), you must encrypt it so no one except you can read it.

Here comes the secret key: you can think of it as a door key (yes, like in the real world). It allows you to encrypt (close the door) your data so no one can understand it and to decrypt it (open the door) so you can read it.
Since the secret key is on your server and you are the only one that can access it, you're the only one who can decrypt and read the JWT.

This is just an overview of how it works and I hope it explains well enough the role of the secret key. For more information and details about JWT, this article is good.


Best regards,

Upvotes: 1
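
An added example (not part of the answer above and not code from any JWT library) of what an HS256 JSON Web Token does with the question's `secretKey`: the server computes an HMAC-SHA256 signature over the base64url-encoded header and payload, and verification recomputes it. The function names are hypothetical; the payload is only encoded, not hidden, so the secret protects integrity and the claims should not carry confidential data.

```javascript
const crypto = require('crypto');

// Value from the question's config.js; assumption: real deployments load a
// long random secret from the environment instead of a source file.
const secretKey = '12345-67890-09876-54321';

const b64url = (input) => Buffer.from(input).toString('base64url');

// HMAC-SHA256 over "<header>.<payload>", keyed with the server secret.
function hmac(signingInput, secret) {
  return crypto.createHmac('sha256', secret).update(signingInput).digest();
}

function signToken(claims, secret, ttlSeconds = 3600) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${hmac(signingInput, secret).toString('base64url')}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  let parsedHeader, claims;
  try {
    parsedHeader = JSON.parse(Buffer.from(header, 'base64url').toString());
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch { return null; }
  // Pin the algorithm: the token must not choose how it is verified.
  if (parsedHeader?.alg !== 'HS256') return null;
  const expected = hmac(`${header}.${payload}`, secret);
  const received = Buffer.from(signature, 'base64url');
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (received.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(received, expected)) return null;
  if (typeof claims?.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) return null;
  return claims;
}

// Constructed demo: a valid token, then the same token with an edited payload.
const token = signToken({ sub: 'user-123', admin: false }, secretKey);
const [h, , s] = token.split('.');
const forged = `${h}.${b64url(JSON.stringify({ sub: 'user-123', admin: true, exp: 9999999999 }))}.${s}`;
console.log('valid :', verifyToken(token, secretKey));
console.log('forged:', verifyToken(forged, secretKey));
```
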