Sunday, January 3, 2021

JWT - Json Web Tokens

 JWT - Json Web Token

JWT pronounced as - "JAWT" - Yes, There is 'A' in Sound 

JWT - is Base64 encoded Token

It has 3 parts - Header, Payload and Signature
Its contents are easily deciphered, so no private info should be inside it

Signature needs a key - which is possessed only by Auth Server
So, JWT can not be tampered with
It can be stolen as such as a whole by malicious person 
So care must be taken when we share JWT token


----------------------------------------------------------------------

JWT is a Value Token - Whatever is allowed - is written here - Its a "Value Token" - All content required is present in token itself.

JSESSIONID - is a Reference Token - Token refers to some state stored at server.

No comments:

Post a Comment

Azure - Pipeline - Add Approver for Stage

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass