March 2018
Beginner to intermediate
410 pages
10h 40m
English
Because certificates are complex to use and custom claims often need to be transported, technologies such as JSON Web Tokens (JWT) have become popular. They allow claims to be transmitted encoded in a simple text string that is easy to distribute and contains an HMAC SHA-256 signature. HMAC is a keyed hash: the signature is computed over the token contents together with a secret, so only a party that holds the secret can produce or check it. This secret must be shared between the issuer of the token and all recipients. While JWTs are simpler to implement and maintain, they introduce a weakness compared to certificates in distributed systems, since the secret must be distributed between all entities. Therefore, only use such tokens where such a distribution can be ...