JSON Web Token: Difference between revisions

From Rice Wiki
Line 16: Line 16:
* https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
* https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
* https://jwt.io/
* https://jwt.io/
[[Category:Cybersecurity]]

Revision as of 23:40, 7 March 2024

A JSON Web Token (JWT) allows a client to indicate its identity in further exchanges after authentication.

  • It is compact and self-contained
  • It can be signed with a secret (HMAC) or a public/private key pair (RSA)

It looks something like this:

[Base64(HEADER)].[Base64(PAYLOAD)].[Base64(SIGNATURE)]

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

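JWTs are one way to operate a stateless server: because the token is self-contained, the server does not need to keep session state for each client.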
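The following is an added example, not part of the original wiki page. It splits the token shown above into its three parts, then signs and verifies an HMAC (HS256) token using only the Python standard library. The function names and the demo key in the test are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# The token shown on this page, with the stray spaces removed.
PAGE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
)

def b64url_decode(part: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_unverified(token: str):
    """Return (header, payload) WITHOUT checking the signature. Inspection only."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def sign_hs256(payload: dict, key: bytes) -> str:
    """Build HEADER.PAYLOAD.SIGNATURE with an HMAC-SHA256 signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the payload only if the token is a valid HS256 JWT for this key."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    # The server pins the algorithm; the token's own header must not choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))
```

The header and payload are only encoded, not encrypted, so anyone holding the token can read its claims. The signature is what stops a client from changing them.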

Sources