Skip to content

Web
(1 h)

JWT
(+1 h)

March 12, 2024

JSON Web Token Introduction - jwt.io

  • IANA JSON Web Token Registry

  • "Do note that for signed tokens this information, though protected against tampering, is readable by anyone. Do not put secret information in the payload or header elements of a JWT unless it is encrypted."

  • "If the token is sent in the Authorization header, Cross-Origin Resource Sharing (CORS) won't be an issue as it doesn't use cookies."

How to Sign and Validate JSON Web Tokens – JWT Tutorial

  • "When your authentication server receives an incoming JWT, it uses the incoming JWT's header and payload segments and the shared private key to generate a signature. If the signature matches, then your application knows that the incoming JWT can be trusted."

Released under the CC BY-NC-SA 4.0 License.