HS256 is a symmetric algorithm (it uses a shared secret). The common signing algorithms used are HS256 and RS256, though you can see many others are supported. The algorithm is used to sign the token (we will see how Signing works in the signing section below):
Note the 3 sections (header, payload, signature) are separated by a period/dot, which allows anyone reading the token to split it into the 3 sections:Īs mentioned, the header consists of the algorithm and the token type. We can see above the encoded JWT token on the left. The website jwt.io allows you to generate, verify and decode JWT: Header which contains the algorithm and token type.
For example, if I am logged into a system, my JWT token may have claims that say my name is Carl de Souza, my role is Admin. A claim, which is passed in the token, is basically a statement that a person or organization makes about itself. This means the 3rd party can then use the token to to allow a user with the token to perform actions in their system, such as reading specific data. The idea behind JWT is that a token can be created by a system, and that token can be verified to be true and unchanged by a 3rd party system. In this post, we will do a brief introduction to what is JWT, or JSON Web Tokens.Īccording to open standard RFC 7519, JWT is “a compact, URL-safe means of representing claims to be transferred between two parties”.
0 kommentar(er)
