JWT: Difference between revisions
| Line 6: | Line 6: | ||
* <SIGNATURE> ensure the correctness (not tampered, trusted source) | * <SIGNATURE> ensure the correctness (not tampered, trusted source) | ||
** <SIGNATURE> = function(<HEADER>,<PAYLOAD>,<SECRET>) | ** <SIGNATURE> = function(<HEADER>,<PAYLOAD>,<SECRET>) | ||
** <SECRET> is known by the authentication service and by the application server | |||
===Resources=== | ===Resources=== | ||
* https://jwt.io/ e.g. for decoding | * https://jwt.io/ e.g. for decoding | ||
Latest revision as of 00:13, 19 February 2022
Jason Web Token (JWT)[edit]
- pronounced as jott
- consists of
<HEADER>.<PAYLOAD>.<SIGNATURE>
- <PAYLOAD> tells who is making the request
- <SIGNATURE> ensure the correctness (not tampered, trusted source)
- <SIGNATURE> = function(<HEADER>,<PAYLOAD>,<SECRET>)
- <SECRET> is known by the authentication service and by the application server
Resources[edit]
- https://jwt.io/ e.g. for decoding