JSON Web Token

From Rice Wiki
Revision as of 23:40, 7 March 2024 by Rice (talk | contribs)

JSON Web Token (JWT) allows client to indicate its identity for further exchanges after authentication.

  • It is compact and self-contained
  • It can be signed with a secret (HMAC) or a public/private key pair (RSA)

It looks something like this

[Base64(HEADER)].[Base64(PAYLOAD)].[Base64(SIGNATURE)]

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9. TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

It is a way to operate a stateless server.

Sources