JWT

https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec

5 Easy Steps to Understanding JSON Web Tokens (JWT)

A JWT is just a string with the following format:

header.payload.signature

It should also be noted that JWTs should be sent over HTTPS connections (not HTTP). HTTPS helps prevent unauthorized users from stealing the JWT in transit: the communication between the servers and the user is encrypted, so someone who intercepts it cannot read the token.

Also, having an expiration in your JWT payload, a short one in particular, is important so that if an old JWT ever gets compromised, it will be considered invalid and can no longer be used.
