JWT Flashcards
A JWT contains three parts
a header (x), a payload (y), and a signature (z), each base64url encoded and separated by dots: x.y.z
The header of the JWT consists of
two parts:
1) the type of token
and
2) the signing algorithm being used
The signing algorithm is used to
ensure that the message is authentic (issued by the holder of the signing key) and has not been altered.
an example of a JWT header (alg names a specific algorithm; "RSA" alone is not a valid value, RS256 means RSASSA-PKCS1-v1_5 with SHA-256):
{
"alg": "RS256",
"typ": "JWT"
}
Signing algorithms are
algorithms used to sign tokens issued for your application or API
The payload is the second part of a JWT that
contains the claims
a JWT payload claim is
a statement (pair of key:value) about an entity (typically, the user) and additional data.
an example of a JWT payload:
{
"id": "d1397699-f37b-4de0-8e00-948fa8e9bf2c",
"name": "John Doe",
"admin": true
}
The signature of a JWT is
computed over the base64url-encoded header and the base64url-encoded payload, joined by a dot,
using the algorithm named in the header and a key: a shared secret for HMAC algorithms (HS256),
or the issuer's private key for RSA/ECDSA algorithms (RS256, ES256).
Example of a JWT signature using the RS256 algorithm (the private key signs, not a shared secret; anyone holding the public key can verify):
RSASHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
privateKey)
The role of a JWT signature is to
let the verifier detect whether the header or payload has been changed and confirm that the token was issued by the holder of the signing key. Claims must not be trusted until the signature has been checked, and the verifier should pin the algorithm it expects rather than trusting the alg field of the not-yet-verified header.
What happens each time a user successfully logs in and JWT is being used?
A JWT is created and returned to the client. The client then presents that JWT as its credentials on requests for protected resources (typically in an Authorization: Bearer header).
Why should we specify an expiration time (the exp claim) when creating a JWT?
The server keeps no session state for a JWT: the token is accepted for as long as its signature verifies. Without an exp claim, a leaked or stolen token (and the data stored in it) can be replayed indefinitely; a short expiration bounds that window.
What's the purpose of an Access token?
Used to access protected resources; its claims drive authorization at the resource server, and it is kept short-lived.
What's the purpose of a Refresh token?
Used to retrieve a new access token once the current one expires, without asking the user to log in again.
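The token layout, signature computation, signature check, expiration check, and access/refresh token pair covered by the cards above, worked through in one added Python script that is not part of the original flashcards. It uses HS256 (HMAC-SHA256 with a shared secret, standard library only) in place of the page's RSA example so that it runs offline; the three-segment layout and the signing input (encoded header + "." + encoded payload) are the same. The secret, the timestamps, the claims, and the "use": "access"/"refresh" claim that keeps a refresh token from being presented as an access token are constructed assumptions for this example.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(data: bytes) -> str:
    # JWT segments use base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes, ttl_seconds: int, now: int | None = None) -> str:
    """Build header.payload.signature (HS256), adding iat/exp so the token cannot live forever."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    # The signing input is exactly the two encoded segments joined by a dot.
    sig = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(sig)}"

def verify_jwt(token: str, secret: bytes, now: int | None = None) -> tuple[str, dict | None]:
    """Return ("ok", claims) or (reason, None); malformed input never raises."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ("malformed: expected three dot-separated parts", None)
    h, p, s = parts
    try:
        header, payload, signature = json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), b64url_decode(s)
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and json.JSONDecodeError
        return ("malformed: bad base64url or JSON", None)
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return ("malformed: header and payload must be JSON objects", None)
    # Pin the algorithm the verifier expects instead of trusting header["alg"]:
    # the header is attacker-controlled until the signature has been checked.
    if header.get("alg") != "HS256":
        return (f"rejected alg {header.get('alg')!r}", None)
    expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return ("signature mismatch: header or payload altered, or wrong key", None)
    if not isinstance(payload.get("exp"), int):
        return ("missing exp claim", None)
    if now >= payload["exp"]:
        return ("expired", None)
    return ("ok", payload)

def tamper_payload(token: str, **changes) -> str:
    """Re-encode the payload with changed claims but keep the original signature."""
    h, p, s = token.split(".")
    payload = json.loads(b64url_decode(p))
    payload.update(changes)
    p2 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{h}.{p2}.{s}"

# Access/refresh pair. The "use" claim is an assumption of this example: it lets
# the verifier tell the two token kinds apart so a refresh token is never
# accepted where an access token is expected and vice versa.
ACCESS_TTL = 15 * 60
REFRESH_TTL = 7 * 24 * 3600

def issue_token_pair(claims: dict, secret: bytes, now: int | None = None) -> dict:
    now = int(time.time()) if now is None else now
    return {
        "access_token": sign_jwt(dict(claims, use="access"), secret, ACCESS_TTL, now),
        "refresh_token": sign_jwt({"id": claims["id"], "use": "refresh"}, secret, REFRESH_TTL, now),
    }

def refresh_access_token(refresh_token: str, user_claims: dict, secret: bytes,
                         now: int | None = None) -> tuple[str, str | None]:
    """Exchange a valid refresh token for a new access token. A real service would
    look user_claims up by payload["id"]; here they are passed in."""
    status, payload = verify_jwt(refresh_token, secret, now)
    if status != "ok":
        return (status, None)
    if payload.get("use") != "refresh":
        return ("not a refresh token", None)
    now = int(time.time()) if now is None else now
    return ("ok", sign_jwt(dict(user_claims, use="access"), secret, ACCESS_TTL, now))

if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"  # constructed; use a random key of at least 32 bytes in practice
    T0 = 1_700_000_000
    claims = {"id": "d1397699-f37b-4de0-8e00-948fa8e9bf2c", "name": "John Doe", "admin": False}
    pair = issue_token_pair(claims, SECRET, now=T0)
    print("valid:", verify_jwt(pair["access_token"], SECRET, now=T0 + 60)[0])
    print("admin flipped:", verify_jwt(tamper_payload(pair["access_token"], admin=True), SECRET, now=T0 + 60)[0])
    print("15 min later:", verify_jwt(pair["access_token"], SECRET, now=T0 + ACCESS_TTL)[0])
    print("refresh:", refresh_access_token(pair["refresh_token"], claims, SECRET, now=T0 + ACCESS_TTL)[0])
```

Flipping admin to true in the payload while keeping the old signature fails the HMAC check, which is the "has the information been changed" role of the signature; the same check also rejects a token signed under a different secret, and an alg of none is refused before any signature comparison because the verifier pins HS256 instead of reading the algorithm from the header.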