WTF is the WTF Series?
We've all been at that point where we ask ourselves, "What The F#$% is that?"
In this series, we cover some common industry jargon that you may know something, nothing or a whole lot about (please leave a comment with your thoughts, opinions or anything that may have been missed).
The idea is to provide a quick read that gives a basic idea of a concept, so when your fellow software professionals come around dropping the latest jargon you know WTF is going on ;).
A more secure way to transfer information between two parties.
Related alternatives: Simple Web Tokens (SWT) and Security Assertion Markup Language tokens (SAML).
JSON Web Token (JWT) is an open standard allowing secure and compact communication between two servers using JSON objects.
Through a digital signature (using either a shared secret or a public/private key pair) the information in the JSON objects can be verified and trusted. Tokens can be signed and/or encrypted. Signing protects the integrity of the claims in the token, while encryption hides the information from other parties.
Thanks to the signature, JWTs also give assurance that the content of the payload has not been tampered with. However, unless the token has also been encrypted, anyone holding the token can read its payload, so putting sensitive information into the token should be avoided.
For example, JWTs can carry a user's roles once the user has logged in; because the roles are signed, a client cannot simply edit the token to escalate its own privileges.
A JWT is usually made up of three sections (Base64-URL strings) separated by a ".", e.g. xxx.yyy.zzz. These represent the header, the payload, and the signature.
JWTs can be sent through a URL, a POST parameter or inside an HTTP header.
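To make the three-part structure and the "signed but not encrypted" point concrete, here is an added example (not code from the original post) that builds and verifies an HS256 JWT with only the standard library. It assumes a constructed demo secret and a `role` claim; it shows that the payload is readable by anyone, while a token whose role was changed without re-signing is rejected.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-secret-do-not-reuse"  # constructed sample value


def b64url_encode(data: bytes) -> str:
    # JWT uses Base64-URL encoding with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore padding before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    # Token = base64url(header) . base64url(payload) . base64url(HMAC-SHA256)
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    # Returns the claims only if the signature matches; None otherwise.
    try:
        header, payload, signature = token.split(".")
    except ValueError:
        return None
    # Accept only the algorithm this service issues with ("none" and others are rejected)
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature)):
        return None
    return json.loads(b64url_decode(payload))


def read_payload_without_key(token: str) -> dict:
    # Signing is not encryption: the claims are readable without the secret.
    return json.loads(b64url_decode(token.split(".")[1]))


def modify_role_without_resigning(token: str, new_role: str) -> str:
    # Simulates a payload altered in transit (constructed demo); the old signature is kept.
    header, payload, signature = token.split(".")
    claims = json.loads(b64url_decode(payload))
    claims["role"] = new_role
    return f"{header}.{b64url_encode(json.dumps(claims, separators=(',', ':')).encode())}.{signature}"
```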
Some resources if you want to read more.