Token Based Auth System [state-less]

UpdatedFebruary 19, 2026

•2 min read

Onkar K

Full-stack Ai Engineer

Part of seriesBack-end

In a token-based system, HS256 and RS256 are the two most common algorithms used to sign the token.

1. HS256

This method is mostly used in monolith application, where it only requires single key.
Token Based auth is state-less it means not need to store user sessions, Instead server provides a Signed_Token (digital pass) to user.
For every sub-sequent query u must have to provide that Signed_Token to verification.

How it’s work?

Login - user submit their credential to server.
Verification and creation - if credential is correct against DB, it creates Signed_Token (JWT) using secret_key send back to client.
Cookie - Server send back response with header of set_cookieincludes Signed_Token with flags httponly secure .
Browser - it automatically store the Signed_Token .
Subsequent request - in every future server request, browser attach cookie of Signed_Token header requests.
Server validation - it pull the Signed_Token from header cookie and verify it’s digital signature and expiry_date using secret_key, and process the request.

2. RS256

This method is best for micro_service distributed_systems application.

How it’s work?

The process is same as HS256 but Auth_server keeps private_key to sign in the token and gives public_key to other services to verify the token

#token-based-authentication #authentication

Comments

Join the discussion

No comments yet. Be the first to comment.

Back-end

Part 3 of 3

Start from the beginning

A Beginner's Guide to the File System Module in Node.js

The file system module, or simply fs, enables you to access and interact with the file system on your machine How to use fs The file system module is a core Node.js module. You do not have to install it. You only have to import it into your file by a...

More from this blog

How To Build MCP Server from Scratch with TypeScript and Groq

Three core concepts while building MCP Resources - Acts as a read-only data source—similar to a local file or static API endpoint—that an LLM can parse for immediate context. Tools - Executable func

Jun 9, 20267 min read

How To Build MCP Server from Scratch with TypeScript and Groq

How to Build MCP Client from Scratch with TypeScript and Groq

We are going to build MCP Client to connect MCP Server(remote/local) If you are new to building Model Context Protocol servers, I highly recommend checking out our foundational guide on How to Build L

Jun 9, 20269 min read

How to Build MCP Client from Scratch with TypeScript and Groq

Model Context Protocol (MCP)

What is MCP The Model Context Protocol (MCP) is open source standard design universal connector between AI application and external data source, tools to perform function You can think MCP as USB-C po

Jun 8, 20262 min read

Session Based Auth System [state-full]

Session based auth is traditional method of auth and it is state-full means we store sessions of user in memory or DB and share session_id to user to verity his identity This method is gold standard

Feb 18, 20262 min read

Onkar K | Full-Stack AI Engineering

19 posts

Production-grade GenAI & multi-agent apps with Next.js & TypeScript. Explore deep architectures using LangGraph.js, LangChain.js, and backends via Hono, Express, & Node.js. Master advanced RAG with Qdrant, Pinecone, and Redis caching. Track execution with Langfuse and LangSmith. Zero fluff—just type-safe code, terminal logs, and robust deployments with Docker, Kafka, and Kubernetes for modern builders

Command Palette

1. HS256

How it’s work?

2. RS256

How it’s work?

Comments

Back-end

A Beginner's Guide to the File System Module in Node.js

More from this blog