
Authentication progression

✅ API key

  1. The user is issued an API key
  2. To use a protected API, the user sends the key with the request
  3. On each request, the application looks up the user's information from the key
  4. The application responds to the user with the information tied to the key

👎🏻

  • If the key is leaked, it is difficult to fix
  • To limit the damage of a leak, frequent key rotation is necessary

✅ OAuth2

  1. The application sends the user to the OAuth service to log in
  2. The OAuth service authenticates the user and returns a token

👎🏻

  • The token has to be verified with the OAuth service on each use
  • The token expires

✅ JWT

A JWT carries its own verification (a signature) with it, so there is no need to make a separate request to verify the token

👎🏻

  • The token carries a lot of sensitive data, and the payload is only encoded, not encrypted
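Added example (not from the original post): a minimal HS256 JWT issued and verified locally with only the shared secret, which is the point of the JWT section, plus a function showing that the payload can be read by anyone holding the token, which is the point of the downside above. The secret and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # constructed sample; real keys come from a secret store


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes, now=None):
    """Verify locally: recompute the HMAC and check 'exp'. No call to the issuer is needed.
    Returns the claims on success, None on any failure."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # only accept the algorithm we expect; never trust 'alg' blindly
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # signature mismatch: tampered payload or wrong key
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, json.JSONDecodeError):
        return None
    current = time.time() if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        return None  # expired
    return claims


def read_payload_without_key(token: str) -> dict:
    """The payload is only base64url-encoded, not encrypted: anyone holding the token can read it."""
    return json.loads(_b64url_decode(token.split(".")[1]))


if __name__ == "__main__":
    tok = issue_jwt({"sub": "alice", "role": "admin", "exp": 1700000000}, SECRET)
    print(verify_jwt(tok, SECRET, now=1699999000))  # claims; no round trip to the issuer
    print(read_payload_without_key(tok))  # readable without the secret
```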

This post is licensed under CC BY 4.0 by the author.