The header, the payload and the signature. Now, the header is just some metadata about the token itself, and the payload is the data that we can encode into the token, any data really that we want. So the more data we want to encode here, the bigger the JWT. Anyway, these two parts are just plain text that will get encoded, but not encrypted. So anyone will be able to decode them and read them, which is why we cannot store any sensitive data in here. But that's not a problem at all, because the third part, the signature, is where things really get interesting.

The signature is created using the header, the payload, and the secret that is saved on the server. And this whole process is then called signing the JSON Web Token. The signing algorithm takes the header, the payload, and the secret to create a unique signature. So only this data plus the secret can create this signature, all right? Then, together with the header and the payload, this signature forms the JWT.

Once the server receives a JWT to grant access to a protected route, it needs to verify it in order to determine if the user really is who they claim to be. In other words, it will verify that no one changed the header and the payload data of the token. So again, this verification step will check that no third party actually altered either the header or the payload of the JSON Web Token. So, how does this verification actually work? Well, it is actually quite straightforward.
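To make the signing and verification steps concrete, here is an added example (not code from the original post) that builds an HS256 token from a header, a payload and a server-side secret, then re-computes the signature on receipt and rejects any token whose header or payload was changed. The secret and the payload values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    # JWTs use base64url without '=' padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_jwt(payload: dict, secret: bytes) -> str:
    """Signing: HMAC-SHA256 over 'header.payload' with the server's secret."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _encode_json(header) + "." + _encode_json(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, secret: bytes):
    """Verification: recompute the signature; return the payload only if it matches, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Only accept the algorithm this server signs with; the token's own 'alg' is untrusted input
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        # constant-time comparison so signature bytes do not leak through timing
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed structure, bad base64 or bad JSON
        return None


def replace_payload_keep_signature(token: str, new_payload: dict) -> str:
    """Demo helper: what a third party without the secret can do, change the payload but reuse the old signature."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{_encode_json(new_payload)}.{sig_b64}"
```

Because the signature binds the header and the payload to the secret, the swapped payload fails verification even though the token still looks well-formed.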