Web (1 h)
JWT (+1 h)
JSON Web Token Introduction - jwt.io
- "Do note that for signed tokens this information, though protected against tampering, is readable by anyone. Do not put secret information in the payload or header elements of a JWT unless it is encrypted."
- "If the token is sent in the Authorization header, Cross-Origin Resource Sharing (CORS) won't be an issue as it doesn't use cookies."
How to Sign and Validate JSON Web Tokens – JWT Tutorial
- "When your authentication server receives an incoming JWT, it uses the incoming JWT's header and payload segments and the shared private key to generate a signature. If the signature matches, then your application knows that the incoming JWT can be trusted."