Oktokolo [6420] 130d ago: So what does "JWT" stand for?
asgs [10446] 130d ago: You mixed up a lot of terminology here, especially Nickels. Let me explain what JWT is for.
JWT is just an auth token with some user info encoded into it. If the info is to be protected, you can encrypt it using a symmetric algorithm where the sender and receiver both have access to the key.
PKI is for a different purpose. It is an asymmetric encryption mechanism where the sender encrypts using the public key and the (intended) receiver can only decrypt using the private key. On the other hand, if the sender encrypts data using the private key and the receiver can decrypt it using the public key, that only ensures the sender is authentic and the data is assumed to be digitally "signed". It is not meant to protect sensitive data from being eavesdropped.
Hazarth [5515] 130d ago: JWT is literally just a JSON Web Token.
Usually when you log in to a service, you receive a token that confirms that you are who you say you are and that the server trusts you. This is then sent back in the Authorization header of all your requests.
One common way is that the server generates a random token for you, stores it in the database and then gives it back to you. Then every time you make a request it gets your token, looks for it in the database, and if it's valid it looks up which user it belongs to and then processes your request as that user.
Now with JWT there's no database storage, because the token already carries all the data in JSON format. You log in, you get the token, and then every time you send it back the server can just read it and know who you are.
Now if that was all, then anyone could just make a b64-encoded JSON token and pretend to be anyone else, so there's one more crucial step, which is signing the token as well (read up on what a digital signature is).
netikras [27260] 130d ago: I got lost 2 lines into your analogy....
JWT is like your plane ticket. It has your first and last name in it, and it states the class and the seat to seat you in. It might contain more info useful for a flight attendant, giving you more or fewer privileges.
Just like plane tickets have mechanisms preventing them from being forged, JWT tokens have them too [signature].
KDSBest [394] 129d ago: Your analogy feels more complicated than the real deal.
A JWT consists of a Header, a Payload and a Signature. The signature is created by Priv/Pub encryption via a certificate or by a shared password.
The certificate version is secure and has the property that the client can verify the signature via the public key, but no one without the private key can create the signature.
If you want, you can also do any shenanigans to the payload, e.g. encrypt it, whatever.
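The structure Hazarth and KDSBest describe (base64url header, base64url payload, signature over both, verified server-side) as an added, runnable example. This is not code from the thread or from any JWT library; it uses only the Python standard library and covers the shared-secret (HS256) variant, since the certificate-based variant KDSBest mentions needs an RSA/ECDSA implementation that the standard library does not ship. The secret, the claims and the 1_700_000_000 / 2_000_000_000 timestamps are constructed demo values. Besides minting and verifying, it shows the three things practitioners most often get wrong: that the payload is readable by anyone (a signature proves origin, it does not hide data), that a tampered payload with the old signature fails, and that the algorithm must be pinned by the server rather than read from the token's own header.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values (not from the thread): the server-side secret and a sample claim set.
DEMO_KEY = b"constructed-demo-secret-do-not-reuse"
DEMO_CLAIMS = {"sub": "alice", "role": "user", "exp": 2_000_000_000}


def _b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7515 requires for each JWT segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    """Inverse of _b64url; restores the padding the encoder stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def mint_hs256(claims: dict, key: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two segments."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = "{}.{}".format(
        _b64url(json.dumps(header, separators=(",", ":")).encode()),
        _b64url(json.dumps(claims, separators=(",", ":")).encode()),
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_hs256(token: str, key: bytes, now=None):
    """Return the claims if the token is genuine and unexpired, otherwise None.

    The algorithm is pinned server-side: a header saying "none" or anything
    other than HS256 is rejected before the signature is even looked at.
    """
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        presented_sig = _b64url_decode(s_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected_sig = hmac.new(key, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, presented_sig):
        return None  # payload altered, or signed with a different key
    try:
        claims = json.loads(_b64url_decode(p_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict):
        return None
    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        return None
    return claims


def read_claims_unverified(token: str) -> dict:
    """Anyone holding the token can read the payload: the signature hides nothing."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def tamper(token: str, new_claims: dict) -> str:
    """Swap in a new payload but keep the original signature, as a forger would try."""
    h_b64, _, s_b64 = token.split(".")
    new_p_b64 = _b64url(json.dumps(new_claims, separators=(",", ":")).encode())
    return "{}.{}.{}".format(h_b64, new_p_b64, s_b64)


def alg_none_token(token: str) -> str:
    """Rewrite the header to alg=none and drop the signature, the classic bypass attempt."""
    _, p_b64, _ = token.split(".")
    return _b64url(b'{"alg":"none","typ":"JWT"}') + "." + p_b64 + "."


if __name__ == "__main__":
    t = mint_hs256(DEMO_CLAIMS, DEMO_KEY)
    print("token:", t)
    print("valid:", verify_hs256(t, DEMO_KEY, now=1_700_000_000))
    print("readable without key:", read_claims_unverified(t))
    print("tampered:", verify_hs256(tamper(t, {**DEMO_CLAIMS, "role": "admin"}), DEMO_KEY, now=1_700_000_000))
    print("alg none:", verify_hs256(alg_none_token(t), DEMO_KEY, now=1_700_000_000))
```

The verifier deliberately ignores whatever `alg` the token claims and checks only the algorithm the server was configured for; `hmac.compare_digest` keeps the comparison constant-time. Note that nothing here encrypts the payload: if the claims are sensitive, that is a separate step (JWE), as asgs's comment above points out.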