JWT
JWT = JSON Web Token
Reference:
- RFC7519
- Stop using JWT for session
- Stop using JWT for session (part 2)
- SoulMachine Gist on Expiration, Revoke, and Secure JWT
- What happens if your JSON web token is stolen
Related Project:
- Jwt-Session: JwtSession is a PHP session replacement. Instead of using the filesystem, it stores the session in a JWT token. The implementation follows the SessionHandlerInterface.
Why:
- Compact: small
- Self Contained: the actual token contains information about a given subject
Uses:
- Authorization
- Information Exchange
Structure: xxxxx.yyyyy.zzzzz
- Header –> token type and signing algorithm
- Payload –> claims: statements about an entity (the subject) plus additional data
- Signature –> makes sure the header and payload weren’t changed