JSON Web Token (JWT)


JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

  • A server issues a token to a client after verifying its credentials (e.g. username and password).
  • The client then uses the token to access protected resources on the server.
  • A JWT is composed of three parts: a header, a payload, and a signature.
  • Header: contains metadata, such as the algorithm used to sign the token.
  • Payload: contains the claims and the data.
  • Signature: used to verify the integrity and authenticity of the token.
  • The server verifies the token by checking its signature and validating the claims (identity, roles, permissions, expiration time).
  • The server does not need to store the token, because it is signed.
