Torrent details for "The FusionAuth Team. Breaking down JSON Web Tokens...2022 [andryold1]"

Language: English
Total Size: 1,007.48 kB
Info Hash: 664c54c64afebde4351ec5fb7bc6df8602d57a76
Added: 27-12-2022 17:38
Views: 160
Seeds: 5
Leechers: 0
Completed: 10




Description
Textbook in PDF format

JSON Web Tokens, or JWTs, are a powerful tool to encapsulate information in an integrity preserving fashion. This technology is widely deployed and supported, and can help you build scalable, secure systems.
JSON Web Tokens, or JWTs, are self-contained, portable, stateless tokens that are often issued by identity providers or otherwise used to safely transmit state between different parts of a system.
This book will dive deep into various aspects of JWTs, from creation to revocation. You'll also learn about all the pieces of a JWT and how you can validate them, should you be building an API or microservice that is presented with one.
First things first. JSON Web Tokens, or JWTs, are pronounced ‘jot’, not J-W-T. There are two kinds of JWTs: signed and encrypted. Signed JWTs allow you to cryptographically verify the integrity of the JWT. That means you can be assured the contents are unchanged from when the signer created it. However, signed JWTs do not protect the data they carry from being seen; anyone who possesses a JWT can see its content. You don’t want to put anything in a JWT that should be a secret or that might leak information.
Encrypted JWTs, on the other hand, have a payload that cannot be read by those who do not possess the decryption key. If you have a payload that must be secret and both the creator and recipient of the JWT support it, encrypted JWTs are a good solution.
In general, signed JWTs are far more common. Unless otherwise noted, if this book uses the term JWT, it refers to a signed JWT.
JWTs are often used as stateless, portable tokens of identity. This usage will be the focus of this book, but what does that actually mean?
- They are stateless because the integrity of the information can be determined without contacting any remote service or server. The aforementioned signature allows a consumer of a JWT to verify the integrity without any network access.
- They are portable because, even though they contain characters such as { that are typically not acceptable in certain contexts, JWTs use base64 URL encoding. This encoding ensures that the contents are safe for HTTP headers, cookies, and form parameters.
- Because of the flexibility of the JSON format, JWTs can encapsulate identity information, such as roles and user identifiers.
The combination of these attributes means that JWTs are great for transporting identity information to different services. One service may authenticate the user and create a JWT for the client, and then other services, which offer different functionality and data depending on who the user is, can consume that JWT. This works especially well for APIs and microservices, which have minimal information about the user in their datastore. This is why many auth servers, also known as identity providers, issue JWTs.
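The properties described above, as an added example that is not taken from the book: a signed JWT's payload can be read by anyone holding the token, while the signature lets a consumer detect changes offline. HS256, the key, and the claims are constructed assumptions; the description names no algorithm.

```python
import base64, hashlib, hmac, json
from typing import Optional

def b64url_encode(data: bytes) -> str:
    # base64 URL encoding, with the "=" padding stripped as JWTs do
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    head, body = (b64url_encode(json.dumps(part, separators=(",", ":")).encode())
                  for part in (header, claims))
    return f"{head}.{body}.{b64url_encode(_mac(key, f'{head}.{body}'))}"

def read_payload_without_key(token: str) -> dict:
    # No key involved: a signed JWT is encoded, not encrypted.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the signature is valid, else None. Needs no network."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        # Accept only the algorithm this verifier is configured for.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = b64url_encode(_mac(key, f"{head}.{body}"))
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        return json.loads(b64url_decode(body))
    except ValueError:  # wrong segment count, bad base64, bad JSON, non-ASCII
        return None

# Constructed sample data (not from the book).
KEY = b"constructed-demo-key-not-a-real-secret"
CLAIMS = {"sub": "user-1234", "roles": ["reader"]}
TOKEN = sign_hs256(CLAIMS, KEY)

# Same header and signature, payload edited after signing.
_head, _body, _sig = TOKEN.split(".")
_edited = b64url_encode(json.dumps({"sub": "user-1234", "roles": ["admin"]}).encode())
TAMPERED = f"{_head}.{_edited}.{_sig}"
```
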
