
Reading: Class 13

Karl Polintan edited this page Mar 18, 2019 · 1 revision

#Read

• Intro to JWT https://jwt.io/introduction/

	○ Scenarios when JWT is useful:
		§ Authorization
		§ Information Exchange
	○ Compact form
		§ Header.Payload.Signature
		§ xxxxx.yyyyy.zzzzz

	○ Header
		§ Type of token (typ: JWT)
		§ Signing algorithm (alg), e.g. HMAC SHA-256 or RSA. The header is unverified input until the signature checks out, so a verifier should pin the algorithm it expects rather than trust this field.
	○ Payload
		§ Claims (statements about entity, usually a user)
			□ Registered - recommended, but not mandatory
				® Issuer (iss), expiration time (exp), subject (sub), audience (aud)
				® Others as well  https://tools.ietf.org/html/rfc7519#section-4.1
			□ Public
				® Defined at will by those using JWTs; to avoid name collisions, use collision-resistant names (URIs) or register the claim in the IANA JSON Web Token Registry
					◊ https://www.iana.org/assignments/jwt/jwt.xhtml
			□ Private
				® Custom claims shared between parties and agreed upon
			□ Example payload:
				{
				  "sub": "1234567890",
				  "name": "John Doe",
				  "admin": true
				}
				® Base64Url-encoded to form the 2nd part of the JWT. Encoding is not encryption: anyone holding the token can read these claims.
	○ Signature (3rd part)
		§ Computed over the encoded header and payload with the shared secret (HMAC) or the private key (RSA), e.g. for HS256:
			HMACSHA256(
			  base64UrlEncode(header) + "." +
			  base64UrlEncode(payload),
			  secret)
	○ http://jwt.io/  JWT Debugger (decodes any token; verifies the signature only if you paste in the secret or public key)
	○ Client credentials grant diagram: https://cdn2.auth0.com/docs/media/articles/api-auth/client-credentials-grant.png

• Are JWTs secure?  https://stackoverflow.com/questions/27301557/if-you-can-decode-jwt-how-are-they-secure
	○ Stack Overflow answer, in short: the payload is only Base64Url-encoded, so anyone can read it; what the signature gives is integrity, since nobody without the secret or private key can alter or forge a token that still verifies. Keep secrets out of the claims, or use an encrypted JWT (JWE) when the payload itself must stay confidential.

#Bookmark

• jsonwebtoken docs

From https://codefellows.github.io/401-js-2019-guide/curriculum/class-13/DISCUSSION
