PHP MK #10 // Should Shiny JWT Tokens Replace Sessions? – Grzegorz Skorupa
Welcome to PHP MK! We’re a great, budding community of interested developers in Milton Keynes.
We’re delighted to welcome Grzegorz Skorupa, all the way from Wroclaw, who will be presenting his talk, “Should Shiny JWT Tokens Replace Sessions?”
Pizza will be provided!
Should Shiny JWT Tokens Replace Sessions?
“OAuth 2.0 allows one to centralise user authentication. JWT tokens allow for signed-in user data to be kept client side, hence no server side session storage is required. The conjunction of both seems to have gained a lot of interest in recent years.
During the talk I will introduce you to OAuth 2.0 flow and JWT tokens internals. I will show how those can be used to authenticate and manage user sessions in mobile and modern web applications. I will present the challenges we faced when implementing authentication using OAuth 2.0 flows with JWT tokens in a large PHP based application. We shall try to compare them to good old server side sessions. I hope to answer the question: Is it worth switching from session mechanism to OAuth 2.0 flow with JWT tokens?”