- What header(s) are used in authentication and authorization?
The HTTP Authorization request header contains the credentials to authenticate a user agent with a server, usually, but not necessarily, after the server has responded with a 401 Unauthorized status and the WWW-Authenticate header.
The HTTP WWW-Authenticate response header defines the authentication method that should be used to gain access to a resource.
- What is safe to put into a JWT
the header and the payload
- How are JWTs validated
Check signatures.
RBAC - Role-Based Access Control is a method of restricting network access based on the roles of individual users within an enterprise.
User Roles - User Roles are permission sets that control access to areas and features within the application.
JWT Token - a compact URL-safe means of representing claims to be transferred between two parties.