{"componentChunkName":"component---src-templates-blog-list-template-js","path":"/engineering/17","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"excerpt":"An infrastructure layer that allows you to manage communication between the microservices of your application is a service mesh. As more…","fields":{"slug":"/engineering/istio-installation-and-service-configuration/"},"html":"

An infrastructure layer that allows you to manage communication between the microservices of your application is a service mesh. As more developers work with microservices, by consolidating common management and administrative tasks in a distributed setup, service meshes have developed to make the job easier and more effective.

\n

To know more about Istio, you can read this article on Istio service mesh to understand the basic terminology, In this tutorial, will explain how to install and configure Istio. Let's get started.

\n

Installing Istio

\n

Get the latest Istio release:

\n
curl -L https://istio.io/downloadIstio | sh -
\n

Extract the archive and export the bin directory in the environment path.

\n

This will also install istioctl, a command-line tool to manage Istio service mesh.

\n

Configuration Profiles

\n

Istio provides various built-in configuration profiles, a set of pre-defined configs related to data and control plane. We can customize the configs according to our needs.

\n

For testing locally or trying it ou, you can use a demo profile. For dev and other environments, we will be using the default configuration profile.

\n
istioctl install --set profile=demo
\n

Customizing configs

\n

Run:

\n
istioctl profile dump default
\n

to see the various configurations. We can change those flag using istioctl commands and --set flag.

\n

For development purpose, we can enabled/changes following flags:

\n
istioctl install --set addonComponents.kiali.enabled=true \\ \n--set components.telemetry.enabled=true \\ \n--set components.citadel.enabled=true \\ \n--set values.global.proxy.privileged=true \\ \n--set addonComponents.tracing.enabled=true \\ \n--set values.pilot.traceSampling=100.0 \\ \n--set values.global.proxy.tracer=datadog
\n

The path value of --set flag is the YAML path, which you can see in the profile dump command.

\n
\n

While changing any config, make sure to pass all the previous flags with the new ones. For example, if first time, you enabled istioctl install --set addonComponents.kiali.enabled=true and now let’s say, you want to enable citadel, then you have to pass both flags like this: istioctl install --set addonComponents.kiali.enabled=true --set components.telemetry.enabled=true.\nFailing to add any previously enabled variable will revert the config to its default values.\nOne way to store the dump in a file and do istioctl apply or use helm charts for Istio.

\n
\n

Sidecar injection

\n

For Istio to work properly, a sidecar Envoy proxy needs to be enabled for the services. By default, the Istio control plane will not enable any sidecar to any services. To enable sidecar, we have to add labels at the namespace level.

\n
kubectl label namespace dsl-test istio-injection=enabled
\n

You need to have this label even if you do not want to add a sidecar to all your services.

\n

You need to restart the pods.

\n

For services, which do not require sidecar, we need to add the following annotation in the deployment template:

\n
# Pod Annotations \npodAnnotations: \n\tsidecar.istio.io/inject: "false"
\n

Configuring Services

\n

For demonstration, we will take two demo services demo-1 and demo-2, and configure both services with Istio, and will try to call demo-2 service from demo-1. Make sure there is an env variable in demo-1, which we will configure with demo-2 internal DNS url. The programming language for the two services does not matter here.

\n

A service configuration requires a VirtualService, DestinationRule, PeerAuthentication, and optionally a Gateway configuration.

\n

Gateway

\n
apiVersion: networking.istio.io/v1alpha3 \nkind: Gateway \nmetadata: \n\tname: demo-1\nspec: \n\tselector: \n\t\tistio: ingressgateway \n\tservers: \n\t- port: \n\t\tnumber: 80 \n\t\tname: http \n\t\tprotocol: HTTP \n\t- hosts: \n\t\t- "demo-1.example.com"
\n

Gateway is used when we want to access the services from the public network.

\n

Here we are using the default gateway provided by the Istio. We can also create multiple gateways and assign the proper name here.

\n

The above gateway configuration enables both HTTP and HTTPS communication. In the case of HTTPS, we have to supply the secret containing the CA certs and key.

\n
spec:\n\tservers: \n\t- port: \n\t\tnumber: 443\n\t\tname: http \n\t\tprotocol: HTTP\n\t  tls: \n\t\tmode: SIMPLE \n\t\tcredentialName: div4-dev-certs\n\t  hosts: \n\t\t- "demo-1.example.com"
\n

We can apply the same gateway for demo-2. We just have to update the hosts and metadata name. Since we will demo-2 internally from demo-1, there is no need for an external gateway for demo-2 here.

\n

VirtualServices

\n
---\napiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n  name: demo-1\nspec:\n  hosts:\n  - "demo-1.test.svc.cluster.local"\n  - "demo-1.example.com"\n  gateways:\n    - demo-1\n  http:\n  - route:\n    - destination:\n        host: demo-1.test.svc.cluster.local\n        port:\n          number: 80
\n

spec.hosts: Specifies the URL which the caller of the service will use. Here, dsl-es.pbdp.svc.cluster.local will be used by the services calling internally. The endpoint demo-1.example.com will be exposed publicly, and it should match the spec.servers.hosts value in Gateway config.

\n

spec.gateways: In order for the gateways configured above to reach the service, we need to define the gateway metadata name here.

\n

http.route.destination.host: This value should be the actual service FQDN.

\n

DestinationRule

\n

After the virtualservice decides the destination hosts, DestinationRule defines the configuration on the actual service. DestinationRule is optional and is needed only in case we want to override the default behavior.

\n
---\napiVersion: networking.istio.io/v1alpha3\nkind: DestinationRule\nmetadata:\n  name: demo-1\nspec:\n  host: "demo-1.test.svc.cluster.local"\n  trafficPolicy:\n    loadBalancer:\n      simple: ROUND_ROBIN\n    tls:\n      mode: ISTIO_MUTUAL
\n

spec.host: specifies service FQDN

\n

spec.trafficPolicy: Specifies policy on the traffic. Here we can specify load balancing algorithms, TLS mode, circuit breaking policies.

\n

spec.trafficPolicy.tls.mode: ISTIO_MUTUAL mode is a TLS mode where we will use the certificates generated by the Istio.

\n

A configuration like circuit breakers, outlier detection comes under the Destination Rule.

\n

PeerAuthentication

\n

This configuration defines how the other services will connect.

\n
---\napiVersion: security.istio.io/v1beta1\nkind: PeerAuthentication\nmetadata:\n  name: demo-1\nspec:\n  selector:\n    matchLabels:\n      app: demo-1\n  mtls:\n    mode: STRICT
\n

spec.selector.matchLabels.app: Specify the deployment label on which this configuration will be applied.

\n

spec.mtls.mode: TLS mode. STRICT being the connection will always be mutual tls.

\n

PeerAuthentication can be applied to a whole namespace. This is useful when all the services in the namespace are part of the mesh.

\n
\n

Apply the same configuration for virutalservice, destination, and peerauthentication by replacing demo-1 with demo-2 assuming both services are in the same namespace.

\n
\n
kubectl apply -f <file>.yaml -n test
\n

Access the objects:

\n
kubectl get virtualservices -n pbdp\nkubectl get gateways -n pbdp\nkubectl get destinationrule -n pbdp\nkubectl get peerauthentication -n pbdp
\n

Now update the env for demo-2 with demo-2.test.svc.cluster.local in demo-1 service.

\n","frontmatter":{"date":"January 22, 2021","updated_date":null,"description":"This article will provide a step by step process on how to install and configure services using Istio.","title":"How to Install and Configure Istio","tags":["Istio","Service Mesh"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/d8ff8c7b29395837a840c4013f351290/58556/Istio.webp","srcSet":"/static/d8ff8c7b29395837a840c4013f351290/61e93/Istio.webp 200w,\n/static/d8ff8c7b29395837a840c4013f351290/1f5c5/Istio.webp 400w,\n/static/d8ff8c7b29395837a840c4013f351290/58556/Istio.webp 800w,\n/static/d8ff8c7b29395837a840c4013f351290/210c1/Istio.webp 900w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Piyush Kumar","github":"kpiyush17","avatar":null}}}},{"node":{"excerpt":"In this article, we will address how to perform basic query operations in MongoDB. We are producing data at an unparalleled pace now…","fields":{"slug":"/engineering/basic-query-operations-in-mongodb/"},"html":"

In this article, we will address how to perform basic query operations in MongoDB. We are producing data at an unparalleled pace now following the global spread of the internet. Since it will require us to collect/request the required data from the database to conduct some kind of analysis, it is of utmost importance that we choose the right tool to query the data.

\n

This is where MongoDB comes in, specifically. MongoDB is an unstructured database which, in the form of documents, stores data. In addition, MongoDB is very effective in handling enormous amounts of data and is the most commonly used NoSQL database as it provides rich query language and versatile and easy data access.

\n

Create a Sample Database

\n

Before the start, we will create a sample DB with some sample data to perform all operations.

\n

We will create a database with name myDB and will create a collection with name orders. For this, the statement would be as follows.

\n
> use myDB\n> db.createCollection("orders")\n>
\n

MongoDB doesn't use the rows and columns. It stores the data in a document format. A collection is a group of documents.

\n

You can check all collections in a database by using the following statement.

\n
> use myDB\n>show collections\norders\nsystem.indexes\n>
\n

Let's insert some documents by using the following statement.

\n
> db.orders.insert([\n\t{\n\t\tCustomer: "abc",\n\t\tAddress:{"City":"Jaipur","Country":"India"},\n\t\tPaymentMode":"Card",\n\t\tEmail:"abc@mail.in",\n\t\tOrderTotal: 1000.00,\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":10},\n\t\t\t{"ItemName":"paper","Price":"10.00","Qty":5},\n\t\t\t{"ItemName":"journal","Price":"200.00","Qty":2},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":500}\n\t\t]\t\t\n\t},\n\t{\n\t\tCustomer: "xyz",\n\t\tAddress:{"City":"Delhi","Country":"India"},\n\t\tPaymentMode":"Cash",\n\t\tOrderTotal: 800.00,\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":5},\n\t\t\t{"ItemName":"paper","Price":"10.00","Qty":5},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":500}\n\t\t]\t\t\n\t},\n\t{\n\t\tCustomer: "ron",\n\t\tAddress:{"City":"New York","Country":"USA"},\n\t\tPaymentMode":"Card",\n\t\tEmail:"ron@mail.com",\n\t\tOrderTotal: 800.00,\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":5},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":00}\n\t\t]\t\t\n\t}\n])
\n

A document is the equivalent of an RDBMS row. It doesn't need to have the same schema in each document. It means a document might not have any field that doesn't have any value.

\n

Query Documents

\n

find() method

\n

You need to use the find() method to query documents from MongoDB collections. The following statement will retrieve all documents from the collection.

\n
> db.orders.find()\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607534c")\n\t\tCustomer: "abc",\n\t\tAddress:{"City":"Jaipur","Country":"India"},\n\t\tPaymentMode":"Card",\n\t\tEmail:"abc@mail.com",\n\t\tOrderTotal: 1000.00,\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":10},\n\t\t\t{"ItemName":"paper","Price":"10.00","Qty":5},\n\t\t\t{"ItemName":"journal","Price":"200.00","Qty":2},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":500}\n\t\t]\t\t\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607544c"),\n\t\tCustomer: "xyz",\n\t\tAddress:{"City":"Delhi","Country":"India"},\n\t\tPaymentMode":"Cash",\n\t\tOrderTotal: 800.00,\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":5},\n\t\t\t{"ItemName":"paper","Price":"10.00","Qty":5},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":500}\n\t\t]\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607644c"),\n\t\tCustomer: "ron",\n\t\tAddress:{"City":"New York","Country":"USA"},\n\t\tPaymentMode":"Card",\n\t\tEmail:"ron@mail.com",\n\t\tOrderTotal: 600.00,\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":5},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":00}\n\t\t]\n\t}\n>
\n

Projection

\n

If you want to fetch only selected fields then you can use the projection. Following statement will fetch only Customer and Email field.

\n
> db.orders.find( { }, { Customer: 1, Email: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607534c")\n\t\tCustomer: "abc",\n\t\tEmail:"abc@mail.com"\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607544c"),\n\t\tCustomer: "xyz"\t\t\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607644c"),\n\t\tCustomer: "ron",\n\t\tEmail:"ron@mail.com"\t\t\n\t}\n>
\n

Filter the Documents by Specifying a Condition

\n

Now we will learn how we can fetch the documents that match a specified condition. MongoDB provides many comparison operators for this.

\n

1. $eq Operator

\n

The $eq operator checks the equality of the field value with the specified value. To fetch the order where PaymentMode is 'Card' you can use the following statement

\n
>db.orders.find( { PaymentMode: { $eq: "Card" } } )
\n

This query can be written also like below

\n
>db.orders.find( { PaymentMode: "Card" } )
\n

A similar SQL statement would be as follows

\n
SELECT * FROM orders WHERE PaymentMode="Card"
\n

Example

\n
>db.orders.find( { PaymentMode: "Card" }, { Customer: 1, PaymentMode: 1 } )\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607534c")\n\t\tCustomer: "abc",\n\t\tPaymentMode":"Card"\t\t\t\t\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607644c"),\n\t\tCustomer: "ron",\n\t\tPaymentMode":"Card"\n\t}\n>
\n

$eq Operator with embedded document

\n

You may have noticed that we inserted an embedded document Address in the Orders collection. If you want to fetch the order where Country is 'India' you can use a dot notation like the following statement.

\n
>db.Orders.find( { "Address.Country": { $eq: "India" } } )
\n

This query can be written also like below

\n
>db.Orders.find( { "Address.Country":"India" } )
\n

Example

\n
>db.Orders.find( { "Address.Country": { $eq: "India" } } , { Customer: 1, Address: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607534c")\n\t\tCustomer: "abc",\n\t\tAddress:{"City":"Jaipur","Country":"India"}\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607544c"),\n\t\tCustomer: "xyz",\n\t\tAddress:{"City":"Delhi","Country":"India"}\n\t}\n>
\n

$eq Operator with array

\n

$eq operator will retrieve all the documents if the specified condition is true for any item in an array. We have an OrderItems array in the document. If you want to filter the documents where 'paper' were also ordered then the statement would be as follows.

\n
>db.Orders.find( { "OrderItems.ItemName": { $eq: "paper" } } )
\n

This query can be written also like below

\n
>db.Orders.find( { "OrderItems.ItemName": "paper"  } )
\n

Example

\n
>db.Orders.find( { "OrderItems.ItemName": { $eq: "paper" } } , { Customer: 1, OrderItems: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607534c")\n\t\tCustomer: "abc",\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":10},\n\t\t\t{"ItemName":"paper","Price":"10.00","Qty":5},\n\t\t\t{"ItemName":"journal","Price":"200.00","Qty":2},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":500}\n\t\t]\t\t\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607544c"),\n\t\tCustomer: "xyz",\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":5},\n\t\t\t{"ItemName":"paper","Price":"10.00","Qty":5},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":500}\n\t\t]\n\t}\n>
\n

2. $gt Operator

\n

You can use the $gt operator to retrieve the documents where a field’s value is greater than the specified value. The following statement will fetch the documents where OrderTotal is greater than 800.

\n
>db.orders.find( { OrderTotal: { $gt: 800.00 } } )
\n

A similar SQL statement would be as follows

\n
SELECT * FROM orders WHERE OrderTotal>800.00
\n

Example

\n
>db.Orders.find( { "OrderTotal": { $gt: 800.00 } } , { Customer: 1, OrderTotal: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607534c")\n\t\tCustomer: "abc",\n\t\tOrderTotal: 1000.00\n\t}\n>
\n

3. $gte Operator

\n

You can use the $gte operator to retrieve the documents where a field’s value is greater than or equal to the specified value. The following statement will fetch the documents where OrderTotal is greater than or equal to 800.

\n
>db.orders.find( { OrderTotal: { $gte: 800.00 } } )
\n

A similar SQL statement would be as follows

\n
SELECT * FROM orders WHERE OrderTotal>=800.00
\n

Example

\n
>db.Orders.find( { "OrderTotal": { $gte: 800.00 } } , { Customer: 1, OrderTotal: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607534c")\n\t\tCustomer: "abc",\n\t\tOrderTotal: 1000.00\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607544c"),\n\t\tCustomer: "xyz",\n\t\tOrderTotal: 800.00\n\t}\n>
\n

4. $lt Operator

\n

You can use the $lt operator to retrieve the documents where a field’s value is less than the specified value. The following statement will fetch the documents where OrderTotal is less than 800.

\n
>db.orders.find( { OrderTotal: { $lt: 800.00 } } )
\n

A similar SQL statement would be as follows

\n
SELECT * FROM orders WHERE OrderTotal<800.00
\n

Example

\n
>db.Orders.find( { "OrderTotal": { $lt: 800.00 } } , { Customer: 1, OrderTotal: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607644c"),\n\t\tCustomer: "ron",\n\t\tOrderTotal: 600.00\n\t}\n>
\n

4. $lte Operator

\n

You can use the $lte operator to retrieve the documents where a field’s value is less than or equal to the specified value. Following statement will fetch the documents where OrderTotal is less than or equal to 800.

\n
>db.orders.find( { OrderTotal: { $lte: 800.00 } } )
\n

A similar SQL statement would be as follows

\n
SELECT * FROM orders WHERE OrderTotal<=800.00
\n

Example

\n
>db.Orders.find( { "OrderTotal": { $lte: 800.00 } } , { Customer: 1, OrderTotal: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607544c"),\n\t\tCustomer: "xyz",\n\t\tOrderTotal: 800.00\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607644c"),\n\t\tCustomer: "ron",\n\t\tOrderTotal: 600.00\n\t}\n>
\n

5. $ne Operator

\n

You can use the $ne operator to retrieve the documents where a field’s value is not equal to the specified value.

\n
>db.orders.find( { PaymentMode: { $ne: "Card" } } )
\n

A similar SQL statement would be as follows

\n
SELECT * FROM orders WHERE PaymentMode != "Card"
\n

Example

\n
>db.Orders.find( { "PaymentMode": { $ne: "Card" } } , { Customer: 1, PaymentMode: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607544c"),\n\t\tCustomer: "xyz",\n\t\tPaymentMode":"Cash"\n\t}\n>
\n

6. $in Operator

\n

You can use the $in operator to retrieve the documents where a field’s value is equal to any value in the specified array.

\n
>db.orders.find( { OrderItems.ItemName: { $in: ["journal","paper"] } } )
\n

Example

\n
>db.Orders.find( { OrderItems.ItemName: { $in: ["journal","paper"] } } , { Customer: 1, OrderItems: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607534c")\n\t\tCustomer: "abc",\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":10},\n\t\t\t{"ItemName":"paper","Price":"10.00","Qty":5},\n\t\t\t{"ItemName":"journal","Price":"200.00","Qty":2},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":500}\n\t\t]\t\t\n\t},\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607544c"),\n\t\tCustomer: "xyz",\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":5},\n\t\t\t{"ItemName":"paper","Price":"10.00","Qty":5},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":500}\n\t\t]\n\t}\n>
\n

7. $nin Operator

\n

You can use the $nin operator to retrieve the documents where a field’s value is not equal to any value in the specified array. It will also select the documents where the field does not exist.

\n
>db.orders.find( { OrderItems.ItemName: { $nin: ["journal","paper"] } } )
\n

Example

\n
>db.Orders.find( { OrderItems.ItemName: { $nin: ["journal","paper"] } } , { Customer: 1, OrderItems: 1 })\n\t{\n\t\t"_id" : ObjectId("5dd4e2cc0821d3b44607644c"),\n\t\tCustomer: "ron",\n\t\tOrderItems:[\n\t\t\t{"ItemName":"notebook","Price":"150.00","Qty":5},\n\t\t\t{"ItemName":"postcard","Price":"10.00","Qty":00}\n\t\t]\n\t}\n>
\n

Indexing

\n

We know that indexing is very important if we are performing the queries on a large database. Without indexing execution of a query can be expensive. We can add a simple ascending index on a single field by using the following statement.

\n
>db.Orders.createIndex({"Customer":1})
\n

MongoDB creates a unique index on ‘_id’ field by default. A unique index will prevent insertion of two documents with the same value for that field. If you want to create a unique index then the statement would be as follows.

\n
db.Orders.createIndex( { "OrderId": 1 }, { unique: true } )
\n

Conclusion

\n

I hope you learned something new today, If you want to learn few more stuff on MongoDB, here is an interesting article on Self-Hosted MongoDB I also invite you to try stuff on your own and share your experience in the comment section. Furthermore, if you face any problems with any of the above definitions, please feel free to ask me in the comments below.

\n","frontmatter":{"date":"January 20, 2021","updated_date":null,"description":null,"title":"How to Perform Basic Query Operations in MongoDB","tags":["MongoDB"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/f4c86ce656fbbcd1cebd60b0c6606d53/58556/coverImage.webp","srcSet":"/static/f4c86ce656fbbcd1cebd60b0c6606d53/61e93/coverImage.webp 200w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/1f5c5/coverImage.webp 400w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/58556/coverImage.webp 800w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/99238/coverImage.webp 1200w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/7c22d/coverImage.webp 1600w,\n/static/f4c86ce656fbbcd1cebd60b0c6606d53/25f09/coverImage.webp 1920w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Anil Gupta","github":"anilswm","avatar":null}}}},{"node":{"excerpt":"As we all know, JSON Web Tokens are a way of sending information between parties in a way where the sender's authenticity can be verified…","fields":{"slug":"/engineering/invalidating-jwt/"},"html":"

As we all know, JSON Web Tokens are a way of sending information between parties in a way where the sender's authenticity can be verified. It is essentially a JSON object with a signature. Using this signature, services that issue these tokens can verify that they are the ones who issued this token and thus can trust the claims which are contained within.

\n

The trustworthiness of these tokens make them popular for use in authorization and authentication scenarios:

\n\n

For this post, we'll be focusing on the former use case. So having a token with trustworthy claims is great; we can take the token at its word, and trust all of the information that it has contained within as gospel. Our server is unburdened from having to potentially make database calls to verify the user's role, their permissions, their existence, or even if they're logged in. Once the server has generated the token, as far as it is concerned, no state has to be maintained regarding the validity of the token. It will expire once its expiration time included in its claim has passed.

\n

But before we go ahead and use this for all of our authorization needs, we have to remember that while JSON Web Tokens themselves are stateless, to have a robust, feasible, and controllable authorization workflow, we'll have to maintain some state one way or another.

\n

You can think of an authorization token as an elementary school hall pass. The teacher (resource server) knows that it is a legitimate hall pass because it is green, 6 cm x 12 cm and has a signature from another member of the faculty. Now imagine that you've issued a hall pass, but now you need to take it back (you've changed your mind, or the kid did something bad). Your options are:

\n\n

Other than the 3rd option which may or may not be feasible depending on your use case (most likely not), we can see that it is not possible to reliably remove or revoke a token without maintaining state. The solutions that I've looked upon Stack Overflow for invalidating these tokens boil down to relying on some form of state, one way or another. Don't get me wrong however, this is not a bad thing in my opinion. Using JSON Web Tokens can and do allow us to minimize the state that we do have to maintain, with minimal added complexity.

\n

So let's look at some ways that we can couple state and JSON Web Tokens that allow us to invalidate these tokens effectively.

\n

Token Whitelist

\n

We can maintain a database table containing all of the tokens issued by our server that we would like to accept as valid. This would be a 1:1 session store, with every transaction occurring requiring this table to be checked to prevent an invalidated token from being accepted. While we would not be able to reduce the amount of state being maintained on our server, JSON Web Tokens still provide us with the utility of its trusted claims (and the performance benefits of not needing to check those).

\n

Token Blacklist

\n

We can maintain a database table containing all of the tokens issued by our server that we do NOT want to accept as valid. Every transaction that occurs will require this table to be checked, to prevent an invalidated token from being accepted. Each record would only have to be maintained until the token itself expires. I can't think of any use case where a table of invalidated tokens would regularly be larger than a table of active tokens, so I'd imagine that the table maintained would almost always be smaller than maintaining a table of active tokens.

\n

Using a Dynamic Secret to Sign

\n

This solution still needs a database lookup, but interestingly requires no state. For this, we can use the hash of a piece of data to sign the token itself. For example, by using the hash of a user's password, when the user changes their password, subsequent transactions involving an old token will fail, as the signature will fail to be verified. The effectiveness of this, however, would depend on your requirements, as this would be limited to invalidating tokens based on changing data (such as changing roles, passwords, etc.). It would not allow you to invalidate a token whenever you want.

\n

Concluding Remarks

\n

I think that JSON Web Tokens coupled with a token blacklist is a fantastic way to manage authorization in web applications. This allows you to leverage the benefits of these tokens in reducing the network calls needed to secure your application, reduce the amount of data you need to store to manage sessions, and do so in a reliable way without introducing too much complexity.

\n","frontmatter":{"date":"January 18, 2021","updated_date":null,"description":"A discussion on invalidating JSON Web Tokens.","title":"Invalidating JSON Web Tokens","tags":["JSON Web Tokens","JWT"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/0c11b157497c5b54f5a0149f01ce15ac/58556/unsplash.webp","srcSet":"/static/0c11b157497c5b54f5a0149f01ce15ac/61e93/unsplash.webp 200w,\n/static/0c11b157497c5b54f5a0149f01ce15ac/1f5c5/unsplash.webp 400w,\n/static/0c11b157497c5b54f5a0149f01ce15ac/58556/unsplash.webp 800w,\n/static/0c11b157497c5b54f5a0149f01ce15ac/99238/unsplash.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Nick Chim","github":"nickc95","avatar":null}}}},{"node":{"excerpt":"HTTP (hypertext transfer protocol) is a communication protocol that transfers data between client and server. HTTP requests are very…","fields":{"slug":"/engineering/tune-the-go-http-client-for-high-performance/"},"html":"

HTTP (hypertext transfer protocol) is a communication protocol that transfers data between client and server. HTTP requests are very essential to access resources from the same or remote server. In Golang, the net/http package comes with the default settings that we need to adjust according to our high-performance requirement.

\n

For setting up HTTP clients for making requests, most programming languages have different frameworks in place. We will take a hands-on approach in the coming sections to explore how HTTP requests can be made in Golang or Go, as I will refer to the language for the rest of the post.

\n

While working on the Golang projects, I realized that improper configuration of HTTP might crash your server anytime.

\n

In the time when I was working with HTTP Client, I Observed some problems and their solutions, listed below:

\n

Problem:1 Default Http Client

\n

The HTTP client does not contain the request timeout setting by default.\nIf you are using http.Get(URL) or &Client{} that uses the http.DefaultClient. DefaultClient has not timeout setting; it comes with no timeout

\n

Suppose the Rest API where you are making the request is broken, not sending the response back that keeps the connection open. More requests came, and open connection count will increase, Increasing server resources utilization, resulting in crashing your server when resource limits are reached.

\n

Solution: Don't use the default HTTP client, always specify the timeout in http.Client according to your use case

\n
var httpClient = &http.Client{\n  Timeout: time.Second * 10,\n}
\n

For the Rest API, it is recommended that timeout should not more than 10 seconds.\nIf the Requested resource is not responded to in 10 seconds, the HTTP connection will be canceled with net/http: request canceled (Client.Timeout exceeded ...) error.

\n

Problem:2 Default Http Transport

\n

By default, the Golang Http client performs the connection pooling. When the request completes, that connection remains open until the idle connection timeout (default is 90 seconds). If another request came, that uses the same established connection instead of creating a new connection, after the idle connection time, the connection will return to the pool.

\n

Using the connection pooling will keep less connection open and more requests will be served with minimal server resources.

\n

When we not defined transport in the http.Client, it uses the default transport Go HTTP Transport

\n

Default configuration of the HTTP Transport,

\n
var DefaultTransport RoundTripper = &Transport{\n\t...\n\tMaxIdleConns:          100,\n\tIdleConnTimeout:       90 * time.Second,\n\t...\n}\n\nconst DefaultMaxIdleConnsPerHost = 2
\n

MaxIdleConns is the connection pool size, and this is the maximum connection that can be open; its default value is 100 connections.

\n

There is problem with the default setting DefaultMaxIdleConnsPerHost with value of 2 connection,\nDefaultMaxIdleConnsPerHost is the number of connection can be allowed to open per host basic.\nMeans for any particular host out of 100 connection from the connection pool only two connection will be allocated to that host.

\n

With the more request came, it will process only two requests; other requests will wait for the connection to communicate with the host server and go in the TIME_WAIT state. As more request came, increase the connection to the TIME_WAIT state and increase the server resource utilization; at the limit, the server will crash.

\n

Solution: Don't use Default Transport and increase MaxIdleConnsPerHost

\n
t := http.DefaultTransport.(*http.Transport).Clone()\nt.MaxIdleConns = 100\nt.MaxConnsPerHost = 100\nt.MaxIdleConnsPerHost = 100\n\t\nhttpClient = &http.Client{\n  Timeout:   10 * time.Second,\n  Transport: t,\n}
\n

By increasing connection per host and the total number of idle connection, this will increase the performance and serve more request with minimal server resources.

\n

Connection pool size and connection per host count can be increased as per server resources and requirements.

\n

Conclusion

\n

In this article, we discussed the problems around the 'net/http' client default configurations. By changing some of the default settings of HTTP Client, we can achieve a High-performance HTTP client for production use. If you want to learn more about http, here is an interesting post on HTTP security headers If you like what you read, share your thoughts in the comment section.

\n","frontmatter":{"date":"January 12, 2021","updated_date":null,"description":"In this post, we will discuss how to make HTTP requests for higher performance in Go, and also how to tune it.","title":"How to Use the HTTP Client in GO To Enhance Performance","tags":["Golang","HTTP","Performance"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/2aae63044134172737715b9d1801c174/58556/index.webp","srcSet":"/static/2aae63044134172737715b9d1801c174/61e93/index.webp 200w,\n/static/2aae63044134172737715b9d1801c174/1f5c5/index.webp 400w,\n/static/2aae63044134172737715b9d1801c174/58556/index.webp 800w,\n/static/2aae63044134172737715b9d1801c174/99238/index.webp 1200w,\n/static/2aae63044134172737715b9d1801c174/135cd/index.webp 1280w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Mayank Agarwal","github":"mayankagrwal","avatar":null}}}},{"node":{"excerpt":"One fairly popular question that got asked on programming bulletin boards has to do with the similarities and differences between React’s…","fields":{"slug":"/engineering/react-constructor-get-initial-state/"},"html":"

One fairly popular question that got asked on programming bulletin boards has to do with the similarities and differences between React’s constructor and the built in method getInitialState. While the simple answer to this question is indeed simple: “getInitialState is the ES5 friendly method to define the initial state of a React component,” there are a couple more details around getInitialState as well as React’s ES5 support that are interesting and useful to highlight.

\n

Constructor vs getInitialState: With or without Classes:

\n

One of the fundamental differences between ES5 and ES6 in regards to React implementation is the new class keyword. It allows definition of React components as classes, which is a familiar data structure for anyone who has had experience with more traditional object-oriented languages such as Java or C++. The class structure also allows for natural organization of the component’s elements like state, props, lifecycle methods and member functions. However, ES5 did not provide the same convenience. So instead of defining a React component as a class:

\n
class HelloWorld extends React.Component {\n  render() {\n    return <span>Hello World</span>;\n  }\n}
\n

You would rely on a helper module called create-react-class:

\n
var createReactClass = require('create-react-class');\nvar HelloWorld = createReactClass({\n  render: function() {\n    return <span>Hello World</span>;\n  }\n});
\n

And it is within the object passed into create-react-class that you could define an initial state by populating the getInitialState attribute:

\n
var HelloWorld = createReactClass({\n  getInitialState: function() {\n    return {name: this.props.name};\n  },\n  render: function() {\n    return <span>Hello {this.state.name}</span>;\n  }\n});
\n

Which, in ES6 implementation would be the equivalent of:

\n
class HelloWorld extends React.Component {\n  constructor(props) {\n    super(props);\n    this.state = {\n      name: props.name\n    }\n  }\n  render() {\n    return <span>Hello {this.state.name}</span>;\n  }\n}
\n

Autobinding

\n

One difference worth noting is that the create-react-class method automatically binds this to every attribute method. This no longer holds true if you define React components using the common ES6 class syntax, making it so that you have to manually bind this to internal methods:

\n
class HelloWorld extends React.Component {\n  constructor(props) {\n    super(props);\n    this.state = {\n      name: props.name\n    }\n\n    this.changeName = this.changeName.bind(this);\n  }\n  changeName() {\n    this.setState({ name: "World" });\n  }\n  ...\n}
\n

Or otherwise use the “arrow function” shorthand which takes care of binding:

\n
class HelloWorld extends React.Component {\n  constructor(props) {\n    super(props);\n    this.state = {\n      name: props.name\n    }\n  }\n  changeName = () => {\n    this.setState({ name: "World" });\n  }\n  ...\n}
\n

Parting Words

\n

Since the update to ES6, there have been multiple new React iterations. You could now forgo the constructor declaration altogether and just declare state inline as a class member, or utilize React Hooks as a new way to initialize states. However, the ES5 support remains useful for legacy systems and adds to the overall flexibility of React as a toolset.

\n

You can read more about React's ES5 support in the official doc entry here, and the v0.13.0 beta release blog entry here, for the respective ES6 changes.

\n","frontmatter":{"date":"January 05, 2021","updated_date":null,"description":"No ES6? No problem. getInitialState is the ES5 friendly method to define the initial state of a React component.","title":"Constructor vs getInitialState in React","tags":["JavaScript","React"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/d152aa4ad7b599edbdd9b6465d8f014b/58556/index.webp","srcSet":"/static/d152aa4ad7b599edbdd9b6465d8f014b/61e93/index.webp 200w,\n/static/d152aa4ad7b599edbdd9b6465d8f014b/1f5c5/index.webp 400w,\n/static/d152aa4ad7b599edbdd9b6465d8f014b/58556/index.webp 800w,\n/static/d152aa4ad7b599edbdd9b6465d8f014b/2eb2f/index.webp 865w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Nathan Nguyen","github":"nathannguyenn","avatar":null}}}},{"node":{"excerpt":"In JavaScript, web workers allow developers to benefit from parallel programming. Parallel programming enables various computations to be…","fields":{"slug":"/engineering/web-workers/"},"html":"

In JavaScript, web workers allow developers to benefit from parallel programming. Parallel programming enables various computations to be performed at the same time by applications.

\n

Web Workers are a browser feature that allows scripts to be executed on a separate thread from the main execution thread of your web application. This allows the main thread of your web application to run without being blocked by slow scripts in your application.

\n

Isn't JavaScript already asynchronous?

\n

Well, sort of. This has been something that had confused me many a time when I was initially learning about JavaScript. JavaScript a synchronous, single-threaded language. However, JavaScript has features that allow you to execute asynchronous code, which is handled by browser engines (on your client) or by your OS (in NodeJS), which are capable of executing code in multiple threads.

\n

We work with asynchronous methods in JavaScript by either using callbacks, Promises or async/await. We'll use Promises as an example for exploring asynchronicity in JavaScript.

\n

Promises are proxies for values that are not yet available when the Promise is created. This lets you organize parts of your code to run when the value becomes available or if something goes wrong.

\n

This does not mean that your code is running asynchronously. As I mentioned before, JavaScript code is executed on a single thread. The callback that processes the response from your created Promises still runs on your single main thread. Promises do, however, allow you to spawn asynchronous tasks, such as file I/O or making an HTTP request which runs outside of your code. This allows your main thread to work on something else while waiting for these tasks to return a response. This means that the callback functions which run after a response is received are called asynchronously.

\n

I feel that the distinction between your code running asynchronously vs. being called asynchronously is important, as you will see that you are not able to perform computationally expensive tasks without blocking your main thread, even when using Promises.

\n

Here is an example of using an expensive function (finding prime numbers) wrapped in a Promise.

\n
function findPrimeNumbers(max) {\n    return new Promise((resolve) => {\n        console.log("starting findPrimeNumbers");\n        let primes = [];\n        for (let i = 0; i < max; i++) {\n            if (i === 0 || i === 1) {\n                continue;\n            }\n            let isPrime = true;\n            for (let y = 2; y < i; ++y) {\n                if (i % y === 0) {\n                    isPrime = false;\n                    break;\n                }\n            }\n            if (isPrime) {\n                primes.push(i);\n            }\n        }\n        console.log("prime numbers found");\n        resolve(primes);\n    });\n}\n\nconsole.log("a");\nfindPrimeNumbers(100000).then(() => {\n  console.log("b");\n});\nconsole.log("c");
\n

You'll find that the above program will print the following:

\n
a\nstarting findPrimeNumbers\nprime numbers found\nc\nb
\n

The ordering of a, b, and c is not particularly noteworthy, as we already know that the callback for the findPrimeNumbers function will only execute after the main thread has nothing left to do, after printing c.

\n

What I did find interesting was that the statement printing c waits until the findPrimeNumbers function completes before being executed. To prevent functions like this from blocking the main thread, we'll have to use Web Workers.

\n

Web Workers run in a separate thread altogether, with no access to the context of the main thread. Data is sent between the worker and the main thread using a system of messages: the postMessage() method is used to send a message from one to the other, and the onmessage event handler is used to receive and respond to messages.

\n

First we need to create the script (we'll just call it find-prime-numbers.js) that the Web Worker will run:

\n
onmessage = (event) => {\n  const { data } = event;\n  const primes = findPrimeNumbers(parseInt(data));\n  postMessage(primes);\n};\n\nfunction findPrimeNumbers(max) {\n    console.log("starting findPrimeNumbers");\n    let primes = [];\n    for (let i = 0; i < max; i++) {\n        if (i === 0 || i === 1) {\n            continue;\n        }\n        let isPrime = true;\n        for (let y = 2; y < i; ++y) {\n            if (i % y === 0) {\n                isPrime = false;\n                break;\n            }\n        }\n        if (isPrime) {\n            primes.push(i);\n        }\n    }\n    console.log("prime numbers found");\n    return primes;\n}
\n

The onmessage handler receives an event with the message itself contained in the event's data attribute. Here we execute the findPrimeNumbers() function again, and use postMessage() function to send the result back to the main thread.

\n

Over in your main script, we'll create a worker object using the constructor new Worker(), which runs the named JavaScript file containing the code that we just wrote, which will run in the worker thread.

\n
const primeNumberWorker = new Worker("./find-prime-numbers.js");\nprimeNumberWorker.onmessage = (event) => {\n    console.log("b");\n};\n\nconsole.log("a");\nprimeNumberWorker.postMessage("100000");\nconsole.log("c");
\n

Running this script will print the following:

\n
a\nc\nstarting findPrimeNumbers\nprime numbers found\nb
\n

You can see that this time, the prime numbers function is actually running on a thread separate from our main one, which allows the main thread to continue printing the statement c while the worker thread works out its own response.

\n

When should you use JavaScript Web Worker

\n

To reiterate, Web Workers allow you to run your own code on a separate thread, which allows your main thread to continue rendering the UI, receive user input, etc., while your worker thread processes a response.

\n

For most web applications, the most expensive operations in your code will often be I/O, interacting with resources in your network. Thanks to JavaScript's Event Loop, these are already offloaded from your main thread to your system's operating system. As such, there is no need for Web Workers when making these kinds of operations.

\n

If you need to process large sets of data, there is a decent chance that you will be able to perform this on your server-side before sending it to your front end client for display to the user. This will allow you to rely on JavaScript's event loop to prevent these expensive operations from blocking your main thread.

\n

However, if your scenario must have these long-running tasks running on your client end, Web Workers would be an ideal solution for your needs. Some examples of these could be:

\n\n

Javascripty Web Worker Limitations

\n

As Web Workers work on a separate thread, it has no access to the parent page, which calls it. This means that the worker itself cannot manipulate the DOM nor access any data stored within it. It is not able to access the browser's localStorage and sessionStorage either. You are limited to the data sent directly via postMessage or IndexedDB for accessing stored client data.

\n

As with anything multithreaded, adding Web Workers into your application will add complexity to your application. Natively, postMessage is the only direct line of communication between threads. You will need to define how more complex workflows will be managed between your main thread and worker thread (such as error handling).

\n

If your worker can be triggered multiple times, each request will simply be queued and will run when the previous has been completed. For more complex queuing mechanisms, you would have to define this yourself.

\n

Conclusion

\n

With discussions dating back a decade, Web Workers are not a new feature. Despite their powerful potential, they haven't been widely adopted. Client side applications, for the most part, just haven't needed to perform intensive tasks where Web Workers would have been a solution. In addition, with a lack of widespread use, finding relatable examples to reference when implementing them is an extra barrier for adoption.

\n","frontmatter":{"date":"December 28, 2020","updated_date":null,"description":"Learn how to use JavaScript web workers to create parallel programming and execute multiple operations concurrently rather than interconnecting them.","title":"Web Workers in JS - An Introductory Guide","tags":["Web Workers"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/60585d671e6de5ad794eb12d714614ec/58556/unsplash.webp","srcSet":"/static/60585d671e6de5ad794eb12d714614ec/61e93/unsplash.webp 200w,\n/static/60585d671e6de5ad794eb12d714614ec/1f5c5/unsplash.webp 400w,\n/static/60585d671e6de5ad794eb12d714614ec/58556/unsplash.webp 800w,\n/static/60585d671e6de5ad794eb12d714614ec/99238/unsplash.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Nick Chim","github":"nickc95","avatar":null}}}}]},"markdownRemark":{"excerpt":"Introduction Ever wondered how apps like Spotify, Netflix, or Slack manage seamless login experiences across devices? Many of them use JWT…","fields":{"slug":"/engineering/how-to-integrate-jwt/"},"html":"

Introduction

\n

Ever wondered how apps like Spotify, Netflix, or Slack manage seamless login experiences across devices? Many of them use JWT, or JSON Web Tokens, a compact, stateless method for securely transmitting user identity and session data across services.

\n

With JWT token authentication, identity information is embedded in a signed token, allowing you to maintain user sessions without server-side storage. This approach is highly scalable and ideal for modern architectures like SPAs, mobile apps, and microservices.

\n

In this blog, we’ll walk you through what is JWT, why use it, and how to implement JWT authentication using LoginRadius.

\n

You’ll learn what JWT is, why it’s effective, and how it works in real-world applications. We'll cover both integration methods (IDX and Direct API), generating your signing key, managing sessions, storing the JWT token securely, and applying best practices throughout.

\n

Whether you're a developer, product manager, or IAM architect, this guide offers a complete foundation for implementing JWT token authentication into your application stack.

\n

What is JWT?

\n

JSON Web Token (JWT) is an open standard (RFC 7519) used to transmit information securely between parties as a JSON object. It’s compact, self-contained, and digitally signed, making it a reliable format for authentication and authorization across modern applications.

\n

A JWT consists of three parts:

\n
    \n
  1. Header – Contains metadata like the type of token and signing algorithm (e.g., HS256).
    2. \n
  2. Payload – Stores the actual data or “claims,” such as user ID, roles, and token expiry.
    3. \n
  3. Signature – A cryptographic hash that ensures the token hasn’t been tampered with.
    4. \n
\n

Example of a token structure:

\n

<base64Header>.<base64Payload>.<signature>

\n

Why Use JWT?

\n\n

How JWT Works?

\n

\"Flowchart

\n
    \n
  1. A user logs in with credentials.
    2. \n
  2. Your app (or identity provider like LoginRadius) issues a signed JWT.
    3. \n
  3. The client stores the token and sends it with each request (usually in the Authorization header).
    4. \n
  4. The server validates the token’s signature and claims.
    5. \n
  5. If valid, access is granted — without any session stored on the backend.
    6. \n
\n

JWT simplifies identity verification, especially when you're building apps that talk to APIs or need to scale without centralized session storage.

\n

JWT Authentication with LoginRadius: Overview

\n

LoginRadius provides robust support for JWT (JSON Web Token) authentication, which allows for flexible and secure access control across different digital platforms. Whether you're building a fully custom identity flow or using a pre-built interface, the platform supports various integration approaches depending on your architecture.

\n

If you're looking to understand how to implement JWT token authentication effectively, LoginRadius offers two primary implementation models that cater to different levels of customization and control:

\n

1. IDX Implementation – JWT through a Hosted Login Page

\n

The IDX-hosted login approach enables secure, standards-compliant, JWT-based authentication without requiring you to build a custom login interface. This is a strategic option for fast, compliant, and user-friendly deployments.

\n\n

Configuration Steps:

\n
    \n
  1. Enable JWT Login
    2. \n
  2. Go to authentication configuration settings and enable JWT Login in the Admin Console.
    3. \n
\n

\"Screenshot

\n
    \n
  1. Specify your signing algorithm and expiry policy, and define your JWT Secret Key.
    2. \n
  2. Input a secure JWT signing key.
    3. \n
  3. Specify token expiry duration (e.g., 15–60 minutes)
    4. \n
  4. Select the desired algorithm —HS256 for symmetric signing (same key signs and verifies)
    5. \n
  5. RS256 for asymmetric signing, where LoginRadius securely stores the private key used to sign the JWT.
    6. \n
  6. Your app or backend service uses the public key to validate the token signature.
    7. \n
  7. LoginRadius provides a JWKS (JSON Web Key Set) endpoint to dynamically fetch and rotate public keys, ensuring trust without key exposure.
    8. \n
  8. Update IDX Template for Callback
    9. \n
  9. Modify your IDX login page template to retrieve the JWT post-login. You can access the token via redirect URL parameters or secure JavaScript callbacks.
    10. \n
\n

Example Response:

\n

{

\n

\"access_token\": \"eyJhbGciOiJIUzI1NiIsInR...\",

\n

\"expires_in\": 1800

\n

}

\n

This integration approach works best for all teams that want effective identity workflows without the complexity of building proprietary login screens, something that is crucial for customer portals, onboarding of mobile applications, and even managing access for business partners.

\n

2. Direct API Implementation – Self Managed Login

\n

If you’re building a custom login UI or working in a headless environment, LoginRadius lets you generate and handle JWTs directly through its Authentication APIs. Here’s how you can programmatically perform token authentication using the classic method:

\n\n

Configuration Steps:

\n

Step 1: Authenticate via API:

\n\n

Include the user’s credentials (email + password) in the request body.

\n

Step 2: Get JWT in Response

\n\n

{

\n

\"access_token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",

\n

\"expires_in\": 3600

\n

}

\n

Step 3: JWT Decoding and Validation

\n\n

Step 4: Set Custom Claims (Optional)

\n

With LoginRadius, it is possible to customize the payload to include user roles and/or any additional metadata. You can set custom JWT claims on the Admin Console.

\n

With this method, you have complete customization over login flows while using LoginRadius to issue signed JWTs for user session management.

\n

NOTE- With either method, LoginRadius ensures that JWTs are securely signed, optionally short-lived, and compatible with standard token validation libraries, making integration seamless for everyone.

\n

To get started with JWT implementation, you can read our complete developer documentation.

\n

Hosted Login vs Direct API

\n

\"Illustration

\n

What is Session Management and How It Works with JWT

\n

Session management is how your app keeps track of a user after they log in so they don’t have to prove who they are with every request.

\n

In traditional apps, sessions are stored on the server using session IDs. Every time a request comes in, the server checks that session ID to verify the user.

\n

In modern apps, especially SPAs and APIs, JWTs are used to manage sessions without needing server-side storage; this is called stateless session management. The token itself carries the user’s identity, roles, and expiration details. As long as the token is valid, the user stays logged in.

\n

Good session management ensures:

\n\n

How LoginRadius Handles Session Management with JWT:

\n
    \n
  1. \n

    User Logs In

    \n\n
    2. \n
  2. \n

    Client Stores the Token

    \n\n
    3. \n
  3. \n

    Access Token Expiry

    \n\n
    4. \n
  4. \n

    Token Renewal

    \n\n
    5. \n
  5. Logout and Token Revocation Strategy
    6. \n
\n

When the user logs out, both the access token and refresh token should be cleared from client storage.

\n\n

Combining these strategies gives you greater control over token misuse and enables a robust, enterprise-grade logout flow.

\n

\"illustration

\n

How to Store JWT Tokens?

\n

When you implement JWT-based authentication, the client (browser or mobile app) needs a way to store the access token and, optionally, the refresh token after they are issued by the authentication server. This stored token is then attached to every subsequent request to prove the user's identity.

\n

Choosing where to store the JWT is a crucial security decision. The most common storage options are:

\n\n

Each option has trade-offs between security, accessibility, and persistence, and the right choice depends on your application's architecture and threat model.

\n

Recommended Storage Strategy

\n\n

Best Practices for Storing JWTs

\n
    \n
  1. Never store sensitive tokens (like refresh tokens) in localStorage or sessionStorage.
    2. \n
  2. Use Secure and HttpOnly flags with cookies to prevent JavaScript access and ensure transmission only over HTTPS.
    3. \n
  3. Set the SameSite=Strict or Lax attribute on cookies to protect against CSRF.
    4. \n
  4. Use short-lived access tokens and rotate refresh tokens regularly.
    5. \n
  5. Implement CSP (Content Security Policy) to reduce XSS risk.
    6. \n
  6. Avoid storing any tokens in frontend code (e.g., hardcoded in JS files).
    7. \n
\n

Conclusion

\n

JWT authentication with LoginRadius offers a modern, stateless approach to managing sessions across distributed systems. The IDX integration is ideal for rapid deployment, while the Direct API model is best for organizations needing deep customization and integration flexibility.

\n

With robust token signing, refresh capabilities, and centralized control, LoginRadius provides a future-ready foundation for secure, scalable identity architecture. Contact us to know more about JWT authentication and implementation guide.

\n

FAQs

\n

1. What is JWT authentication used for?

\n

A: JWT authentication securely verifies user identities, enabling stateless session management across web, mobile apps, and microservices without server-side session storage.

\n

2. How does LoginRadius simplify JWT integration?

\n

A: LoginRadius simplifies JWT integration by offering hosted IDX login pages and direct API-based authentication methods, enabling rapid deployment and deep customization.

\n

3. Is JWT authentication secure?

\n

A: Yes, JWT authentication is secure when implemented with best practices like short-lived tokens, secure storage methods, signature validation, and refresh token rotation.

\n

4. Can JWT tokens be revoked with LoginRadius?

\n

A: Yes, LoginRadius allows revocation of JWT refresh tokens explicitly, and supports strategies like short-lived tokens and key rotation to manage token lifecycles securely.

\n","frontmatter":{"date":"April 15, 2025","updated_date":null,"description":"Discover JWT (JSON Web Token) authentication, its advantages, and how to integrate it seamlessly using LoginRadius' hosted IDX and Direct API methods for secure, scalable identity management.","title":"JWT Authentication with LoginRadius: Quick Integration Guide","tags":["JWT","JSON Web Token","Authentication","Authorization"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":0.7782101167315175,"src":"/static/4cedb7829f98208cbc6d5a9aea4e983d/58556/how-to-integrate-jwt.webp","srcSet":"/static/4cedb7829f98208cbc6d5a9aea4e983d/61e93/how-to-integrate-jwt.webp 200w,\n/static/4cedb7829f98208cbc6d5a9aea4e983d/1f5c5/how-to-integrate-jwt.webp 400w,\n/static/4cedb7829f98208cbc6d5a9aea4e983d/58556/how-to-integrate-jwt.webp 800w,\n/static/4cedb7829f98208cbc6d5a9aea4e983d/1cc9f/how-to-integrate-jwt.webp 896w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Kundan Singh","github":null,"avatar":null}}}},"pageContext":{"limit":6,"skip":96,"currentPage":17,"type":"//engineering//","numPages":53,"pinned":"5c425581-f474-5ae9-abe7-cf5342db2aaa"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}