JSON Web Tokens (JWTs)
Read about JWTs - a method of securing data exchanges
Overview
After your user authenticates, the AuthN service can send you JWTs, which carry the same data as the example above in a different format. The format includes:
- A header - A response header that indicates the intention for the request
- A payload - Contains who the user is and what they can do
- A signature - Verifies that the token is valid
JWTs returned by the AuthN service are Base64 encoded (not encrypted), and you will need a JWT library to decode them.
Basics
In general, a JWT contains three components (header, payload, and signature) and is self-contained. Self-contained means that a server receiving a JWT can verify it using only the details carried in the JWT's payload, without having to make other calls.
Key features
- Self-contained
- Cannot be revoked
- Shorter expiration time
- More complex to manage than session IDs
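The three-part structure, the Base64url encoding, and the self-contained verification described above, as an added worked example that is not part of this page and is not the AuthN service's own library. It builds a sample HS256 token from constructed claims and a constructed secret, shows that header and payload are readable without any key (encoding, not encryption), and verifies the signature and expiry using nothing but the token and the shared key. The `SAMPLE_SECRET` and the claims are constructed for illustration; pinning the algorithm to HS256 is a design choice of this example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed sample key for the example only; a real deployment uses a managed secret.
SAMPLE_SECRET = b"example-hmac-key-not-a-real-secret"


def b64url_encode(data: bytes) -> str:
    # JWTs use the URL-safe Base64 alphabet with the trailing '=' padding removed.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding that JWTs strip, then decode.
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def make_jwt(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature for a payload dict (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode("utf-8")
    signing_input = b64url_encode(compact(header)) + "." + b64url_encode(compact(payload))
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def decode_unverified(token: str) -> Tuple[dict, dict]:
    """Read header and payload without checking the signature.

    Base64url is an encoding, not encryption: anyone holding the token can
    read these two parts, so never put secrets in a JWT payload.
    """
    header_b64, payload_b64, _sig_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> dict:
    """Verify signature and expiry using only the token and the shared key.

    This is what 'self-contained' means: no lookup against a session store is
    needed. It also shows why a JWT cannot be revoked: nothing here consults
    server state, so a token stays valid until its 'exp' claim passes.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the expected algorithm; the verifier, not the token, decides how to verify.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not verify")
    payload = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    return payload


if __name__ == "__main__":
    # Constructed claims: who the user is and what they can do, plus a short expiry.
    claims = {"sub": "user-123", "roles": ["reader"], "exp": int(time.time()) + 300}
    token = make_jwt(claims, SAMPLE_SECRET)
    print("token:", token)
    print("readable without a key:", decode_unverified(token))
    print("verified payload:", verify_jwt(token, SAMPLE_SECRET))
```

Because `verify_jwt` holds no state, the only lever the issuer has after a token is out is the `exp` claim, which is why the feature list pairs "cannot be revoked" with "shorter expiration time".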
Use JWTs
- Back-end systems that need to handle an extremely high volume of HTTP requests and want to avoid latency/throughput issues
- Passing a user's credentials between several back-end systems that all trust the server that granted the JWT and each want to do their own authentication or authorization
- Organizations with the resources and desire to build a strong key management system