-
What is JSON Web Token?
- JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
-
When should we use JSON Web Tokens?
- Authorization
- Information Exchange
-
Claims are expected in which structural component of a JWT?
- Claims are expected in the payload of a JWT.
-
If I get a JWT and I can decode the payload, how can we call that secure?
- JWTs are not secure if the payload is not encrypted. However, if the payload is encrypted, then JWTs are secure.
-
If sending a JWT, what must a sender and receiver both know? Hint: it's in the signature.
- The sender and receiver must both know the secret key.
-
Explain how concatenated content and secret can be sent and received securely to a non-technical recruiter.
- The secret key is used to encrypt the payload. The encrypted payload is then sent to the receiver. The receiver then uses the secret key to decrypt the payload.
-
Why use JWT?
- JWTs are used for authorization and information exchange.
-
JWT is Compact and self-contained. Describe how this is useful to a non-technical friend.
- JWTs are compact and self-contained. This means that they are easy to send and receive. They are also easy to verify.
-
What are the three components (the structure) of a JWT signature?
- The three components of a JWT signature are header, payload, and signature.
-
What are your learning goals after reading and reviewing the class README?
- My learning goals after reading and reviewing the class README are to learn more about JWTs and how to use them.