Wep validating identity
If you’re not familiar with the JWT spec, the Issuer and Audience claims are optional.
They are being used here to identify the application (issuer) and the client (audience). NET Core cookie authentication middleware doesn’t support validating JWTs passed via cookies.
For mobile applications, headers are the way to go.
The benefits are great: less server state to manage, better scalability, and a consistent identity and authentication mechanism across web and mobile clients. How do you implement both sides of token authentication – token verification Tokens can also be transmitted via browser cookies.
If you need a refresher on how tokens work, read our overview of token authentication and JWTs. Which transport method you choose (headers or cookies) depends on your application and use case.