JWT - Json Web Token
JWT pronounced as - "JAWT" - Yes, There is 'A' in Sound
JWT - is Base64 encoded Token
It has 3 parts - Header, Payload and Signature
Its contents are easily deciphered, so no private info should be inside it
Signature needs a key - which is possessed only by Auth Server
So, JWT can not be tampered with
It can be stolen as such as a whole by malicious person
So care must be taken when we share JWT token
----------------------------------------------------------------------
JWT is a Value Token - Whatever is allowed - is written here - Its a "Value Token" - All content required is present in token itself.
JSESSIONID - is a Reference Token - Token refers to some state stored at server.
No comments:
Post a Comment