O'Reilly logo

Mastering Internet of Things by Peter Waher

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Using tokens to transport claims

Due to the complexity of using certificates and the need to be able to transport custom claims, technologies such as JSON Web Tokens, or JWT, have become popular. They allow the transmission of claims encoded into a simple text string that is easy to distribute and contains a HMAC SHA-256 signature. HMAC basically means that the claims are salted in a special way with a secret. This secret must be shared between the issuer of the token and all recipients. While JWT tokens are simpler to implement and maintain, they induce a vulnerability compared to certificates in distributed systems, since the secret must be distributed between all entities. Therefore, only use such tokens where such a distribution can be ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required