system-design-101/data/guides/jwt-101-key-to-stateless-authentication.md
Kamran Ahmed ee4b7305a2 Adds ByteByteGo guides and links (#106)
This PR adds all the guides from [Visual
Guides](https://bytebytego.com/guides/) section on bytebytego to the
repository with proper links.

- [x] Markdown files for guides and categories are placed inside
`data/guides` and `data/categories`
- [x] Guide links in readme are auto-generated using
`scripts/readme.ts`. Every time you run the script `npm run
update-readme`, it reads the categories and guides from the above
mentioned folders, generates production links for guides and categories
and populates the table of contents in the readme. This ensures that any
future guides and categories will automatically get added to the readme.
- [x] Sorting inside the readme matches the actual category and guides
sorting on production
2025-03-31 22:16:44 -07:00


| Field | Value |
| --- | --- |
| title | JWT 101: Key to Stateless Authentication |
| description | Learn about JSON Web Tokens (JWT) for secure, stateless authentication. |
| image | https://assets.bytebytego.com/diagrams/0244-jwt-101-key-to-stateless-authentication.png |
| createdAt | 2024-03-01 |
| draft | false |
| categories | security |
| tags | authentication, jwt |

JWT, or JSON Web Token, is an open standard for securely transmitting information between two parties. JWTs are widely used for authentication and authorization.

A JWT consists of three main components:

  1. Header

Every JWT carries a header specifying the algorithms for signing the JWT. It is written in JSON format.

  2. Payload

The payload consists of the claims and the user data. There are different types of claims, such as registered, public, and private claims.

  3. Signature

The signature is what makes the JWT secure. It is created by signing the encoded header and the encoded payload with the secret key, using the specified algorithm.

JWTs can be signed in two different ways:

  • Symmetric Signatures

    It uses a single secret key for both signing the token and verifying it. The same key must be shared between the server that signs the JWT and the system that verifies it.

  • Asymmetric Signatures

    In this case, a private key is used to sign the token, and a public key to verify it. The private key is kept secure on the server, while the public key can be distributed to anyone who needs to verify the token.
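The three components and the symmetric (shared-secret) case described above, as an added example that is not part of the original guide: it builds an HS256 token with the Python standard library, verifies it with the algorithm pinned by the verifier, and shows that an edited payload or a different key fails verification. The secret, claims and helper names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding of every JWT segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def encode_json(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build header.payload.signature using HMAC-SHA256 (symmetric)."""
    signing_input = encode_json({"alg": "HS256", "typ": "JWT"}) + "." + encode_json(claims)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the claims if the signature checks out, else raise ValueError."""
    try:
        head_seg, payload_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(head_seg))
        sig = b64url_decode(sig_seg)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # The verifier pins the algorithm; the token's header does not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head_seg}.{payload_seg}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_seg))

def is_valid(token: str, secret: bytes) -> bool:
    try:
        verify_hs256(token, secret)
        return True
    except ValueError:
        return False

SECRET = b"constructed-demo-secret"  # constructed sample values, illustration only
TOKEN = sign_hs256({"sub": "user-123", "role": "reader"}, SECRET)
# Same header and signature, but an edited payload that was never re-signed.
head, _, sig = TOKEN.split(".")
EDITED = ".".join([head, encode_json({"sub": "user-123", "role": "admin"}), sig])

if __name__ == "__main__":
    print(TOKEN, is_valid(TOKEN, SECRET), is_valid(EDITED, SECRET), is_valid(TOKEN, b"other-key"))
```

With an asymmetric algorithm the structure is the same; only the last segment changes, being produced with the private key and checked with the public key.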