3:I[4707,[],""]
5:I[6423,[],""]
6:I[2798,["972","static/chunks/972-a66c538a2b036653.js","50","static/chunks/50-1257a4928d3dee1b.js","868","static/chunks/868-b5274bfdefe30153.js","79","static/chunks/79-108bb73aa9269941.js","854","static/chunks/854-33d3781a3ff18775.js","185","static/chunks/app/layout-fb8da892d0fbbf84.js"],"ThemeProvider"]
7:I[9723,["972","static/chunks/972-a66c538a2b036653.js","50","static/chunks/50-1257a4928d3dee1b.js","868","static/chunks/868-b5274bfdefe30153.js","79","static/chunks/79-108bb73aa9269941.js","854","static/chunks/854-33d3781a3ff18775.js","185","static/chunks/app/layout-fb8da892d0fbbf84.js"],"SmoothScroll"]
8:I[6079,["972","static/chunks/972-a66c538a2b036653.js","50","static/chunks/50-1257a4928d3dee1b.js","868","static/chunks/868-b5274bfdefe30153.js","79","static/chunks/79-108bb73aa9269941.js","854","static/chunks/854-33d3781a3ff18775.js","185","static/chunks/app/layout-fb8da892d0fbbf84.js"],"CursorSpotlight"]
9:I[532,["972","static/chunks/972-a66c538a2b036653.js","50","static/chunks/50-1257a4928d3dee1b.js","868","static/chunks/868-b5274bfdefe30153.js","79","static/chunks/79-108bb73aa9269941.js","854","static/chunks/854-33d3781a3ff18775.js","185","static/chunks/app/layout-fb8da892d0fbbf84.js"],"Navbar"]
a:I[2205,["972","static/chunks/972-a66c538a2b036653.js","50","static/chunks/50-1257a4928d3dee1b.js","868","static/chunks/868-b5274bfdefe30153.js","79","static/chunks/79-108bb73aa9269941.js","854","static/chunks/854-33d3781a3ff18775.js","185","static/chunks/app/layout-fb8da892d0fbbf84.js"],"Footer"]
b:I[3772,["972","static/chunks/972-a66c538a2b036653.js","50","static/chunks/50-1257a4928d3dee1b.js","868","static/chunks/868-b5274bfdefe30153.js","79","static/chunks/79-108bb73aa9269941.js","854","static/chunks/854-33d3781a3ff18775.js","185","static/chunks/app/layout-fb8da892d0fbbf84.js"],"Toaster"]
c:I[3095,["972","static/chunks/972-a66c538a2b036653.js","50","static/chunks/50-1257a4928d3dee1b.js","868","static/chunks/868-b5274bfdefe30153.js","79","static/chunks/79-108bb73aa9269941.js","854","static/chunks/854-33d3781a3ff18775.js","185","static/chunks/app/layout-fb8da892d0fbbf84.js"],"Analytics"]
d:I[8661,["972","static/chunks/972-a66c538a2b036653.js","50","static/chunks/50-1257a4928d3dee1b.js","868","static/chunks/868-b5274bfdefe30153.js","79","static/chunks/79-108bb73aa9269941.js","854","static/chunks/854-33d3781a3ff18775.js","185","static/chunks/app/layout-fb8da892d0fbbf84.js"],"ChatWidget"]
4:["slug","api-authentication-oauth-and-jwt","d"]
0:["uuc30tI-qsfwjf4cKjy77",[[["",{"children":["blog",{"children":[["slug","api-authentication-oauth-and-jwt","d"],{"children":["__PAGE__?{\"slug\":\"api-authentication-oauth-and-jwt\"}",{}]}]}]},"$undefined","$undefined",true],["",{"children":["blog",{"children":[["slug","api-authentication-oauth-and-jwt","d"],{"children":["__PAGE__",{},[["$L1","$L2",null],null],null]},[null,["$","$L3",null,{"parallelRouterKey":"children","segmentPath":["children","blog","children","$4","children"],"error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L5",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","notFoundStyles":"$undefined"}]],null]},[null,["$","$L3",null,{"parallelRouterKey":"children","segmentPath":["children","blog","children"],"error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L5",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","notFoundStyles":"$undefined"}]],null]},[[[["$","link","0",{"rel":"stylesheet","href":"/_next/static/css/0666b722fae2b471.css","precedence":"next","crossOrigin":"$undefined"}]],["$","html",null,{"lang":"en","suppressHydrationWarning":true,"className":"dark","children":[["$","head",null,{"children":["$","script",null,{"dangerouslySetInnerHTML":{"__html":"\n              (function() {\n                var theme = localStorage.getItem('theme');\n                var prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches;\n                if (theme === 'light') {\n                  document.documentElement.classList.remove('dark');\n                  document.documentElement.classList.add('light');\n                } else {\n                  document.documentElement.classList.add('dark');\n                  document.documentElement.classList.remove('light');\n                }\n              })();\n            "}}]}],["$","body",null,{"className":"__variable_f367f3 __variable_ce197d font-sans","children":[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"Organization\",\"@id\":\"https://cogentsoftware.com#organization\",\"name\":\"Cogent Softwares\",\"url\":\"https://cogentsoftware.com\",\"logo\":\"https://cogentsoftware.com/favicon.svg\",\"description\":\"Cogent Softwares helps startups and enterprises build web and mobile applications (Android & iOS), blockchain applications, and AI automation systems.\",\"email\":\"hello@cogentsoftwares.com\",\"telephone\":\"+91 8000555268\",\"address\":{\"@type\":\"PostalAddress\",\"addressLocality\":\"12, Nilkanth avenue, Motavarachha, Surat, Gujarat, India - 394101\"}}"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"WebSite\",\"name\":\"Cogent Softwares\",\"url\":\"https://cogentsoftware.com\",\"description\":\"Cogent Softwares helps startups and enterprises build web and mobile applications (Android & iOS), blockchain applications, and AI automation systems.\",\"publisher\":{\"@id\":\"https://cogentsoftware.com#organization\"}}"}}],["$","$L6",null,{"attribute":"class","defaultTheme":"dark","enableSystem":false,"storageKey":"theme","children":[["$","$L7",null,{}],["$","$L8",null,{}],["$","div",null,{"className":"relative flex min-h-screen flex-col","children":[["$","$L9",null,{}],["$","main",null,{"className":"flex-1","children":["$","$L3",null,{"parallelRouterKey":"children","segmentPath":["children"],"error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L5",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":[["$","title",null,{"children":"404: This page could not be found."}],["$","div",null,{"style":{"fontFamily":"system-ui,\"Segoe UI\",Roboto,Helvetica,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\"","height":"100vh","textAlign":"center","display":"flex","flexDirection":"column","alignItems":"center","justifyContent":"center"},"children":["$","div",null,{"children":[["$","style",null,{"dangerouslySetInnerHTML":{"__html":"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}"}}],["$","h1",null,{"className":"next-error-h1","style":{"display":"inline-block","margin":"0 20px 0 0","padding":"0 23px 0 0","fontSize":24,"fontWeight":500,"verticalAlign":"top","lineHeight":"49px"},"children":"404"}],["$","div",null,{"style":{"display":"inline-block"},"children":["$","h2",null,{"style":{"fontSize":14,"fontWeight":400,"lineHeight":"49px","margin":0},"children":"This page could not be found."}]}]]}]}]],"notFoundStyles":[]}]}],["$","$La",null,{}]]}],["$","$Lb",null,{"position":"top-right","richColors":true,"closeButton":true}],["$","$Lc",null,{}],["$","$Ld",null,{}]]}]]}]]}]],null],null],["$Le",null]]]]
2:[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"Article\",\"headline\":\"API Authentication - OAuth and JWT\",\"description\":\"OAuth and JWT show up in almost every stack. We explain the flows in plain language, plus the places teams accidentally leak tokens.\",\"datePublished\":\"2025-10-28T00:00:00.000Z\",\"dateModified\":\"2025-10-28T00:00:00.000Z\",\"author\":{\"@type\":\"Organization\",\"name\":\"Cogent Softwares\",\"url\":\"https://cogentsoftware.com\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"Cogent Softwares\",\"url\":\"https://cogentsoftware.com\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https://cogentsoftware.com/favicon.svg\"}},\"mainEntityOfPage\":{\"@type\":\"WebPage\",\"@id\":\"https://cogentsoftware.com/blog/api-authentication-oauth-and-jwt\"},\"image\":[\"https://cogentsoftware.com/og.png\"]}"}}],["$","section",null,{"className":"section-padding","children":["$","div",null,{"className":"container max-w-3xl","children":["$","article",null,{"children":[["$","p",null,{"className":"text-xs uppercase tracking-[0.2em] text-muted-foreground","children":"2025-10-28"}],["$","h1",null,{"className":"mt-2 text-4xl font-semibold","children":"API Authentication - OAuth and JWT"}],["$","p",null,{"className":"mt-4 text-lg text-muted-foreground","children":"OAuth and JWT show up in almost every stack. We explain the flows in plain language, plus the places teams accidentally leak tokens."}],["$","p",null,{"className":"mt-2 text-sm text-muted-foreground","children":"6 min read"}],["$","div",null,{"className":"prose dark:prose-invert mt-8 max-w-none prose-headings:font-heading prose-a:text-primary prose-pre:bg-muted/50","children":[["$","h1",null,{"children":"API Authentication: OAuth and JWT"}],"\n",["$","p",null,{"children":["Every API needs to answer two questions: who is this caller, and what are they allowed to do? This article walks through ",["$","strong",null,{"children":"OAuth 2.0"}]," for “Sign in with Google” style flows and ",["$","strong",null,{"children":"JWTs"}]," for protecting your own API, in language you can share with frontend and mobile engineers."]}],"\n",["$","h2",null,{"children":"OAuth 2.0"}],"\n",["$","p",null,{"children":["OAuth lets users delegate access without giving your app their password. For browser and mobile apps, use the ",["$","strong",null,{"children":"authorization code"}]," flow with ",["$","strong",null,{"children":"PKCE"}],". Do not ship new apps on the implicit flow; it is the wrong tool for public clients."]}],"\n",["$","p",null,{"children":["Store ",["$","strong",null,{"children":"refresh tokens"}]," carefully (httpOnly cookies or secure storage on mobile). Keep ",["$","strong",null,{"children":"access tokens"}]," short-lived. Use a maintained library or identity provider so you are not hand-rolling crypto."]}],"\n",["$","h2",null,{"children":"JWTs for your API"}],"\n",["$","p",null,{"children":"A JWT is a signed blob of claims (user id, roles, expiry). The API verifies the signature and trusts the claims until expiry, without hitting a session store on every request."}],"\n",["$","p",null,{"children":[["$","strong",null,{"children":"Rules we follow:"}]," short lifetimes (minutes to an hour), refresh tokens for longer sessions, no secrets in the payload (it is signed, not encrypted), strong algorithms like ",["$","strong",null,{"children":"RS256"}],", validate issuer and audience. Rotate signing keys on a plan."]}],"\n",["$","h2",null,{"children":"Putting them together"}],"\n",["$","p",null,{"children":"A common pattern: user signs in through an IdP with OAuth; your auth service issues a JWT for your API. The API stays stateless for verification while still knowing who the user is."}],"\n",["$","h2",null,{"children":"When to get help"}],"\n",["$","p",null,{"children":"Auth bugs are security bugs. If you are unsure about storage, rotation, or mobile storage, ask someone who has shipped it before. We implement auth for web and mobile backends regularly."}],"\n",["$","hr",null,{}],"\n",["$","p",null,{"children":[["$","em",null,{"children":"Cogent Softwares"}],", Backend and security."]}]]}]]}]}]}]]
e:[["$","meta","0",{"name":"viewport","content":"width=device-width, initial-scale=1"}],["$","meta","1",{"charSet":"utf-8"}],["$","title","2",{"children":"API Authentication - OAuth and JWT | Cogent Softwares"}],["$","meta","3",{"name":"description","content":"OAuth and JWT show up in almost every stack. We explain the flows in plain language, plus the places teams accidentally leak tokens."}],["$","link","4",{"rel":"canonical","href":"https://cogentsoftware.com/blog/api-authentication-oauth-and-jwt"}],["$","meta","5",{"property":"og:title","content":"API Authentication - OAuth and JWT"}],["$","meta","6",{"property":"og:description","content":"OAuth and JWT show up in almost every stack. We explain the flows in plain language, plus the places teams accidentally leak tokens."}],["$","meta","7",{"property":"og:url","content":"https://cogentsoftware.com/blog/api-authentication-oauth-and-jwt"}],["$","meta","8",{"property":"og:site_name","content":"Cogent Softwares"}],["$","meta","9",{"property":"og:image","content":"https://cogentsoftware.com/og.png"}],["$","meta","10",{"property":"og:image:width","content":"1200"}],["$","meta","11",{"property":"og:image:height","content":"630"}],["$","meta","12",{"property":"og:image:alt","content":"API Authentication - OAuth and JWT"}],["$","meta","13",{"property":"og:type","content":"article"}],["$","meta","14",{"property":"article:published_time","content":"2025-10-28T00:00:00.000Z"}],["$","meta","15",{"property":"article:author","content":"Cogent Softwares"}],["$","meta","16",{"name":"twitter:card","content":"summary_large_image"}],["$","meta","17",{"name":"twitter:title","content":"API Authentication - OAuth and JWT"}],["$","meta","18",{"name":"twitter:description","content":"OAuth and JWT show up in almost every stack. We explain the flows in plain language, plus the places teams accidentally leak tokens."}],["$","meta","19",{"name":"twitter:image","content":"https://cogentsoftware.com/og.png"}],["$","link","20",{"rel":"icon","href":"/favicon.svg"}]]
1:null