- The WWW-Authenticate and Proxy-Authenticate response headers define the authentication method that should be used to gain access to a resource. They must specify which authentication scheme is used, so that the client that wishes to authorize knows how to provide the credentials.
- add "secret" that is used to generate the JWT. If someone modifies the data contained in the JWT, the server will fail to decode it. So the server can trust any JWT that it can decode.
- Header
The contents of the Header describe the cryptographic operations to the JWT data.
- Payload
The payload is the central part of the JWT which contains verifiable security statements
Registered Claim Names
Public Claim Names
Private Claim Names
- Signature
HS256 algorithm, which is short for HMAC-SHA256
RS256 signing algorithm, which is short for RSA-SHA256
- RBAC :
Role-based access control is a method of restricting network access based on the roles of individual users within an enterprise.
- User Roles :
it is what the user is supposed to do in an organization, what are his/her duties.
- JWT Token :
(JSON Web Token (JWT) access tokens conform to the JWT standard and contain information about an entity in the form of claims. They are self-contained therefore it is not necessary for the recipient to call a server to validate the token.