There are many benefits to using JWT tokens regardless of the platform. JWT tokens base64-encode all of the user's claims in their body, and the client can safely decode them into a stateful object. This is hugely beneficial compared with opaque tokens, which provide zero use to the client app. On login, you immediately have atomic data in the client without additional round trips to the API to poll for user information.
JWT tokens are stateless: there is no need to store or keep track of them server side, which scales better horizontally across many servers. They are safe because the private signing key used to grant them is stored server side; any inbound API calls bearing them are simply validated with the private key, guaranteeing they were issued by your Authorization API.
JWT tokens work nicely in Angular, React, and any other client framework. Because they are JSON, you can base64-decode them in the client and bind client UI elements directly to your claims: someone with an admin claim can see an admin menu, and a user without that claim will never know the menu exists, if implemented correctly.
Aside from this, a JWT token still behaves in the same way as any bearer token:
- Issued by Authorization API
- Stored by client in cookies or local storage
- Passed to Resource API in Authorization header
In summary, you will have fewer N+1 trips back and forth between your client and server as well as less work to scale if you implement JWT tokens.
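The split between decoding claims for the UI and validating the token on the Resource API, shown as an added example that is not part of the original text. It assumes an HS256 (HMAC-SHA256) signature and runs under Node.js, where `Buffer` stands in for the browser's base64 decoding; the function names, key and claims are constructed for illustration.

```javascript
// Added example (not from the original page). HS256 and all names here are assumptions.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Authorization API: sign header.payload with a key that never leaves the server.
function issueToken(claims, key) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", key).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Client: decode the payload for display only. No signature check happens here.
function decodeClaims(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return fromB64url(parts[1]);
}

// Client: choose menu entries from decoded claims (a UI hint, not authorization).
function menuFor(claims, nowSec) {
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return [];
  return claims.admin === true ? ["profile", "admin"] : ["profile"];
}

// Resource API: recompute the signature before trusting any claim.
function verifyToken(token, key, nowSec) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    if (fromB64url(parts[0]).alg !== "HS256") return null; // pin the algorithm
    const expected = createHmac("sha256", key).update(`${parts[0]}.${parts[1]}`).digest();
    const given = Buffer.from(parts[2], "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = fromB64url(parts[1]);
    return typeof claims.exp === "number" && claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed sample: a valid user token, then the same token with an edited payload.
const KEY = "demo-key-constructed-for-this-example";
const NOW = 1700000000;
const userToken = issueToken({ sub: "u1", admin: false, exp: NOW + 300 }, KEY);
const [h, , s] = userToken.split(".");
const editedToken = [h, b64url(JSON.stringify({ sub: "u1", admin: true, exp: NOW + 300 })), s].join(".");
```

The edited token still yields an admin menu from `decodeClaims`, but `verifyToken` returns `null` for it, so the Resource API, not the menu, is what enforces the claim.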