Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
W
W
ward_ua2021-10-03 23:00:46
JSON Web Token
ward_ua, 2021-10-03 23:00:46

Why does a JWT include an open payload?

When studying JWT technology, the question arose: why does the token include an open payload? I see logic in this only if the encryption is symmetric and the server has to send a signature confirmation request to another server. But if the encryption is asymmetric or the server knows the private key of symmetric encryption, why transfer this data in the clear? Isn't this an "empty" increase in token length?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vasily Bannikov, 2021-10-03
@ward_ua

Opened payload is needed for two things:
1. So that the client can get any information about the token without making requests to the server.
2. So that the server can work without making unnecessary requests to the authorization server or to the database.
There is a signature for authentication

Similar questions
R
Roman2016-12-29 20:20:23
How to use JWT correctly? 1Reply
A
Andrey Okhotnikov2019-07-10 10:41:50
Adding authorization token to headers? 1Reply
V
Vladislav Prikhodko2017-03-04 00:59:08
Is jwt+API authorization properly implemented? 1Reply
J
jeruthadam2019-08-08 20:25:19
How to make a general authorization for a grid of sites? 2Reply
J
jeruthadam2019-08-09 14:31:02
How to safely use refresh token? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question