JWT (JSON Web Tokens)


While working on one of the security-related aspects of the platform I’m building, I came across the JWT specification, which I find very interesting, and thought I would share with you the notes I made while reading:


  1. The acronym JWT stands for “JSON Web Tokens”.
  2. Definition of a security token:
  • encrypted data structure (in this case of JSON format) which contains:
    • information about the issuer and subject (claims)
    • proof of authenticity (digital signature)
    • expiration (validity) time
  3. The suggested pronunciation of JWT is the same as the English word “jot”.
  4. Basic facts:
  5. Why a JSON-based standard?
  • The XML-based SAML data format, exchanged over the SOAP protocol, offered a ton of encryption and signature options but was perceived as a “heavy” technology and of not…
