7 JWT - Coggle Diagram
-
JWT (JSON Web Token)
The header and payload are Base64-encoded only.
Anyone can decode them without a secret and read what they contain.
-
iat (issued at), eat (expired at)
-
User information is stored as part of the JWT.
No server lookup is required.
No session tracking is required.
- Session sync is not required across servers running different apps (e.g. different LOBs: Banking and Investment).
- The secret key (used to sign) should be the same on all servers.
-
Single Sign On (SSO)
- Across multiple Apps running on different Servers, Clouds
- APIs, Microservices (server-to-server authorization)
-
- JWTs are signed and encoded only.
- JWTs are not encrypted.
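Added example (not part of the original diagram): an HS256 token built with only the Python standard library, showing that the payload can be read without any key while verification depends on the shared secret. The key, the claims and all function names are constructed for illustration; expiry uses the RFC 7519 `exp` claim.

```python
import base64, hashlib, hmac, json

# Constructed sample values (assumptions, not from the page).
SHARED_KEY = b"constructed-demo-key-same-on-all-servers"
SAMPLE_CLAIMS = {"sub": "alice", "iat": 1700000000, "exp": 1700000600}

def b64url_encode(raw: bytes) -> str:
    # JWT uses the URL-safe Base64 alphabet with padding stripped.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def read_without_key(token: str) -> dict:
    # Decoding the payload needs no secret: the token is not encrypted.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, key: bytes, now: int) -> dict:
    # Returns the claims only if signature and expiry check out.
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        sig = b64url_decode(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    token = sign_hs256(SAMPLE_CLAIMS, SHARED_KEY)
    print(read_without_key(token))
    print(verify_hs256(token, SHARED_KEY, now=1700000100))
```

A server holding a different key rejects the same token, which is why every server in the SSO group needs the same signing secret and why nothing confidential belongs in the payload.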