Reading Notes for Day 7 of 401:
Intro to JWT
- What is a JSON Web Token (JWT)?
- When should we use JSON Web Tokens?
- Claims are expected in which structural component of a JWT?
Are JWTs Secure? Not really.
- If I get a JWT and I can decode the payload, how can we call that secure? We don’t.
If sending a JWT, what must the sender and receiver both know? Hint: it's appended in the signature.
Explain to a non-technical recruiter how the concatenated content and secret can be sent and received securely.
Videos
JWTs Explained
- Why use JWT?
- A JWT is compact and self-contained. Describe how this is useful to a non-technical friend.
- What are the three components (the structure) of a JWT signature?