Is token verification required if there isn't any registration?

Question

Assume there is a server which we just can send (post) user information to it. Because we don't want anyone will be able to send these information to the server, so we use token verification (like JWT). Is it correct ? (Explain it why it is correct if it is) If it doesn't what is the solution ? (Don't forget there isn't any sign up or sign in)

Answer 1

Because we don't want anyone will be able to send these information to the server, so we use token verification

The last part should have been: "we use authentication/authorization". What kind of authentication/authorization you use, that is implementation detail.

Using JWT is a form of authentication. So that is a correct approach. You could have gone as well with any other kind of authentication method (like OAuth from the tags) or username/password.

---

Which is the correct one for your case? - That depends on your case. The key point of JWT is:

As JWTs are self-contained, all the necessary information is there, reducing the need to query the database multiple times. (Source)

---

Appendum based on comment to this answer:

Actually there isn't any authentication. because I can't compare it by anything else. at the end of my game, player can send his/her information like name and phone number. (player haven't registered before and won't).

That is the classic highscore problem. Your code runs on an untrusted environment, but the highscore table should only allow for valid inputs. If you want to archieve that only valid requests from your game make it to the server/database, you have to apply several layers of protection.

You could add e.g. hashing or encryption of parameters. Here is a write-up: https://gist.github.com/judeibe/871157

Regarding the use of JWT: If you share one token over a lot of your game instances, there is no added benefit over using a long random string.