In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon.
A JWT needs to be stored in a safe place inside the user's browser. ... To keep them secure, you should always store JWTs inside an httpOnly cookie. This is a special kind of cookie that's only sent in HTTP requests to the server. It's never accessible (for either reading or writing) from JavaScript running in the browser.
When you receive a JWT from the client, you can verify that JWT with the secret key stored on the server. Any modification to the JWT will result in verification (JWT validation) failure. A JWT is simply a string, but it contains three distinct parts separated with dots (.).
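The signature check described above, as an added example that is not part of the original notes: it signs and verifies a token with HMAC-SHA256 (the HS256 algorithm) using only the Python standard library. The secret, the claims and the function names are constructed for illustration, and expiry checks are left out to keep the focus on the signature.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed; a real key is random and stays on the server


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding used for each JWT part."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_json(part: str):
    """Decode one base64url part back into a JSON value."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))


def _mac(signing_input: str, secret: bytes) -> str:
    """HMAC-SHA256 over 'header.payload', returned base64url-encoded."""
    return b64url(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())


def sign(claims: dict, secret: bytes = SECRET) -> str:
    """Build header.payload.signature for the HS256 algorithm."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{_mac(header + '.' + payload, secret)}"


def verify(token: str, secret: bytes = SECRET):
    """Return the claims when the signature checks out, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:  # a JWT is exactly three dot-separated parts
        return None
    header, payload, signature = parts
    try:
        expected = _mac(f"{header}.{payload}", secret)
        # Constant-time comparison of the received and recomputed signatures.
        if not hmac.compare_digest(signature.encode(), expected.encode()):
            return None
        # Pin the algorithm: never let the token's own header choose it.
        if b64url_json(header).get("alg") != "HS256":
            return None
        return b64url_json(payload)
    except (ValueError, AttributeError):  # malformed base64, JSON or header
        return None
```

Changing a claim such as the role in the payload without knowing the secret makes verify return None, because the signature no longer matches the recomputed one.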
- RBAC : Role-based access control
- User Roles : A permission is the right to access one or more system objects. A role is a group of permissions.
- JWT Token: JSON Web Token (JWT) access tokens conform to the JWT standard and contain information about an entity in the form of claims.
1. How does role-based access control work?
2. Difference between role-based access control and the special gate on some websites
3. Cookies
- what cookies contain also
- how to build more RBAC web app
- JWT Token
- how to get benefit from the cookies


