Do not reinvent user permissions. Self-hosted, open source authorization layer for your product.
Dec 19, 2022 • 15 tweets • 8 min read
Let’s get our series started in which we make our case against token-based AuthZ.
JWTs are like a key and are composed of three parts: a header, a payload, and a signature.
The payload contains information to identify the owner of the token: user ID, email address, etc.
These are called claims and, essentially, they can hold whatever info you may need.