JWT

JWT = JSON Web Token

Reference:

• RFC7519
• Stop using JWT for session
• Stop using JWT for session (part 2)
• SoulMachine Gist on Expiration, Revoke, and Secure JWT
• What happen if your JSON web token is stolen

Related Project:

• Jwt-Session: JwtSession is a PHP session replacement. Instead of use FileSystem, just use JWT TOKEN. The implementation follow the SessionHandlerInterface.

Why:

• Compact: small
• Self Contained: the actual token contains information about a given subject

Uses:

• Authorization
• Information Exchange

Structure: xxxxx.yyyyy.zzzzz

• Header –> Token Type and Signing Algo
• Payload –> Claims = entity + additional data
• Signature –> Make sure data wasn’t changed