skynyrd
12/13/2016 - 5:20 PM

JWT Reminder

JWT Reminder

###JWT Reminder:

//Header
{
  "typ" : "JWT",
  "alg" : "HS256"
}

//Payload
{
  // RESERVED CLAIMS
  "iss" : "http://myapi.com", // issuer, recommended.
  // exp: Expiration time, recommended,
  // sub: subject, recommended,
  // aud: audience, recommended
  
  // PUBLIC CLAIMS
  "user" : "nodebotanist" // can be user name
  
  //PRIVATE CLAIMS for sharing info between parties
}

//Signature
HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret);
//Check header and payload after decode process