Below you will find some reading material, code samples, and some additional resources that support today’s topic and the upcoming lecture.
Review the Submission Instructions for guidance on completing and submitting this assignment.
A JSON Web Token (JWT) is a compact, self-contained, digitally signed token that contains claims (information) about a user or entity, which can be used for authentication and authorization purposes.
JSON Web Tokens should be used when we need a secure way to transmit information between two parties, such as during user authentication in a web application.
Claims are expected in the payload component of a JWT.
Even though anyone can decode the payload of a JWT (it is only base64url-encoded, not encrypted), the token is still considered secure because the signature ensures its integrity and lets the receiver detect tampering.
When a JWT is signed with a shared-secret (HMAC) algorithm, the sender and receiver must both know the secret key that is used to verify the signature of the JWT.
The concatenated content and the secret can be sent and received securely, even when communicating with a non-technical recruiter, by using secure communication channels such as encrypted email or secure file transfer protocols, so that the information remains confidential.
JWTs are used because they provide a secure and efficient way to transmit information between different systems or parties.
The compact and self-contained nature of JWTs means that all the necessary information is contained within the token itself, making it easy to transmit and validate without the need for additional database lookups or server calls.
The three components of a JWT are the header, the payload, and the signature, which are encoded and concatenated together (separated by dots) to form the complete JWT.
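The three-part structure and the integrity check described above, as an added example using only the Python standard library (this is not code from the course material; the secret, claims and helper names are constructed for illustration):

```python
import base64
import hashlib
import hmac
import json

# Constructed example secret; real deployments load it from a secrets store, never from source.
SECRET = b"example-shared-secret"

def b64url_encode(data: bytes) -> str:
    # JWT segments are base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Produce header.payload.signature, signed with HMAC-SHA256 over the first two segments."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def decode_payload_unverified(token: str) -> dict:
    """Anyone can read the claims: the payload is only encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_jwt(token: str, secret: bytes):
    """Return the claims only if the signature is valid for this secret; otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never let the token's own 'alg' choose the verifier (e.g. 'none').
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))

def swap_payload(token: str, new_claims: dict) -> str:
    """Replace the payload but keep the old signature, to show that verification then fails."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url_encode(json.dumps(new_claims).encode())}.{sig_b64}"
```

A modified payload still decodes, but `verify_jwt` rejects it because the HMAC no longer matches, which is the integrity property the signature provides.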