Discover and read the best of Twitter Threads about #JSONWebToken
Most recents (1)
Let’s get our series started in which we make our case against token-based AuthZ.
JWTs are like a key and composed of three parts: a header, a payload, and a signature.
JWTs are like a key and composed of three parts: a header, a payload, and a signature.
The payload contains information to identify the owner of the token: user ID, email address, etc.
These are called claims and essentially, they can hold whatever info you may need.
These are called claims and essentially, they can hold whatever info you may need.
The signature is what makes a JWT secure, but JWTs are usually not encrypted.
The information is encoded (not encrypted), which means it can be decoded.
The way to keep JWTs secure is to make sure they are hashed using a secret.
The information is encoded (not encrypted), which means it can be decoded.
The way to keep JWTs secure is to make sure they are hashed using a secret.
