JWT

JSON Web Tokens

Old days

Cookie

CSRF

New way

JWT

https://tools.ietf.org/html/rfc7519

JWT

  • Header
  • Payload
  • Signature

HEADER

{
  "alg": "HS256",
  "typ": "JWT"
}

PAYLOAD

{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true
}

SIGNATURE

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)

https://jwt.io/
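The signature formula above, carried through as an added example (not code from the original slides or from jwt.io): a Python HS256 signer and verifier built on the header and payload shown, with the secret a constructed placeholder. The verifier also shows the two checks a practitioner wants, pinning the algorithm instead of trusting the token's own `alg` field and comparing the HMAC in constant time.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed inputs: the header and payload from the slides above; the
# secret is a placeholder chosen for this example only.
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"sub": "1234567890", "name": "John Doe", "admin": True}
SECRET = b"example-secret-do-not-use"


def b64url(data: bytes) -> str:
    """base64UrlEncode as JWT uses it: URL-safe alphabet, '=' padding stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url; restores the padding JWT strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Compact JWT: HMACSHA256(b64url(header) + "." + b64url(payload), secret)."""
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = b64url(compact(header)) + "." + b64url(compact(payload))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload if the HS256 signature is valid, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # malformed base64, JSON or segment count
        return None
    # Pin the algorithm: a token announcing any other alg is rejected.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = (header_b64 + "." + payload_b64).encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so a wrong signature leaks no byte-match count.
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    token = sign_hs256(HEADER, PAYLOAD, SECRET)
    print(token)
    print(verify_hs256(token, SECRET))
```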

Local/Session Storage

Access and refresh

401

JWT

By Vladimir