JSON Web Token: Difference between revisions
From Rice Wiki
No edit summary |
No edit summary |
||
Line 16: | Line 16: | ||
* https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html | * https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html | ||
* https://jwt.io/ | * https://jwt.io/ | ||
[[Category:Cybersecurity]] |
Revision as of 23:40, 7 March 2024
JSON Web Token (JWT) allows client to indicate its identity for further exchanges after authentication.
- It is compact and self-contained
- It can be signed with a secret (HMAC) or a public/private key pair (RSA)
It looks something like this
[Base64(HEADER)].[Base64(PAYLOAD)].[Base64(SIGNATURE)]
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9. TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
It is a way to operate a stateless server.