Last updated May 25, 2022

Authorization is the process of verifying what a user has access to (whereas authentication is the process of verifying who someone is).


Each JWT contains encoded JSON objects, including a set of claims. JWTs are signed using a cryptographic algorithm so that any change to the claims after the token is issued is detected when the signature is checked. Note that the payload is only base64url-encoded, not encrypted: anyone holding the token can read the claims, so the signature provides integrity, not confidentiality. A JWT has three dot-separated components (it looks something like this: xxxxx.yyyyy.zzzzz):

  1. Header: contains the type of token and signing algorithm
  2. Payload: contains the claims
  3. Signature: computed over the encoded header and payload; lets the receiver detect that either has been altered

The party that creates the JWT signs the header and payload with

When the token is used, the receiving party recomputes or verifies the signature over the header and payload with the corresponding key and rejects the token if it does not match.

See also: UCAN
