What is JWT used for?
A JWT is used for authorisation; authorisation is making sure that the user who sends a request to your server is...
For a second there I thought JWT = James Webb telescope
Hahaha same.
JWT is great. Essential for single page web apps, for example, where you don't want to keep user credentials in memory along the session and you rely on continuous calls to REST APIs.
One interesting thing that you did not mention: the use of private/public keys.
In short, before it gets confusing, you can have one entity that is responsible for signing the JWT (so like a "central login" where you get the JWT from). The signing is done with the private key. The public key (it's not public in the way everyone can have it) can be used to verify if the JWT is valid (so that key can be used in all services to verify the user).
One important thing to remember about JWTs is that you cannot invalidate a JWT (but you can set an expiration time) as it is "stateless".
Thanks a lot
But I have a question about the payload:
Is the payload part of the JWT?
And is the payload hashed with the token?
So, will the server recognize if the payload has been changed on the client?
The payload is part of the JWT and anyone can decode it on jwt.io; however, the client can't change the payload, as the server is the only one having the key it was signed with, and with that key it can verify that the JWT is valid.
Right!!
This example doesn't seem correct to me. In case of session based authentication we can use common session database (redis) between multiple servers.
Agree, and it says nothing about expiring or invalidating the issued tokens.
Great article!!!
thankyou!!
Yeah, nice one
thanks!!
Informative
thanks!!