Discover and read the best of Twitter Threads about #jsonwebtoken

Let’s get our series started in which we make our case against token-based AuthZ.

JWTs are like a key and composed of three parts: a header, a payload, and a signature.
The payload contains information to identify the owner of the token: user ID, email address, etc.

These are called claims and essentially, they can hold whatever info you may need.
The signature is what makes a JWT secure, but JWTs are usually not encrypted.

The information is encoded (not encrypted), which means it can be decoded.

The way to keep JWTs secure is to make sure they are hashed using a secret.