Add section about JWT in overview

3146b538 · Victor Löfgren · f82de126 · 3146b538
Commit 3146b538 authored 3 years ago by Victor Löfgren
--- a/docs/source/overview/overview.md
+++ b/docs/source/overview/overview.md
@@ -26,3 +26,13 @@ The Node server will then send them back to the client.
 The client can also communicate directly with the server via sockets.
 These are suited for fast real time communication.
 Thus they are used during an active presentation to sync things between different views such as current slide and timer.
+
+### JSON Web Tokens (JWT)
+
+We use JSON Web Tokens (JWT) for authentication, both for API and socket events.
+A JWT is created on the server when a user logs in or connects to competition.
+We store some information in JWT, which can be seen in the file `server/app/apis/auth.py`.
+The JWT is also encrycpted using the secret key defined in `server/configmodule.py`.
+(OBS. Change this key before running the server in production).
+The client can read the contents of the JWT but cannot modify them because it doesn't have access to the secret key.
+This is why the server can simply read the contents of the JWT be sure that the client is who it says it is.