What is a JSON Web Token (JWT)?
- a compact and self-contained way for securely transmitting information between parties as a JSON object
-
When should we use JSON Web Tokens?
- used for authorization and information exchange
-
Claims are expected in which structural component of a JWT?
- The second part of the token is the payload, which contains the claims
-
If I get a JWT and I can decode the payload, how can we call that secure?
- if there's a change, it won't be accepted
-
If sending a JWT, what must sender and receiver both know? Hint, it’s appended in the signature.
- hash/secret
-
Explain how concatenated content and secret can be sent and received securely to a non-technical recruiter.
- if the special key between parties is changed for some reason, they will no longer accept the key
-
Why use JWT?
- because it can be signed digitally; the info is verified and trusted
-
JWT is Compact and self-contained. Describe how this is useful to a non-technical friend.
- fast transmission/self-contained
-
What are the three components (the structure) of a JWT signature?
- header/payload/signature
-
- I'd like to see the code work.