Security Flashcards
Describe JWT
JWT stands for JSON Web Token. It’s a string representing a set of claims as a JSON object that is encoded in a JWS or JWE, enabling the claims to be digitally signed or MACed and/or encrypted.
Describe a Claim
It’s a piece of information asserted about a subject. A claim is represented as a name/value pair consisting of a Claim Name and a Claim Value.
Credential Sharing
Before OAuth, this was a method used by applications to impersonate a user in order to access a third-party API on the user's behalf. It opens up a lot of security vulnerabilities, such as the application having to store the user's credentials for future use. Since the application was impersonating the user, there was no way to restrict the application to only certain endpoints. Also, security best practices such as MFA are unavailable in this scenario.