W
W
ward_ua2021-10-03 23:00:46
JSON Web Token
ward_ua, 2021-10-03 23:00:46

Why does a JWT include an open payload?

When studying JWT technology, the question arose: why does the token include an open payload? I see logic in this only if the encryption is symmetric and the server has to send a signature confirmation request to another server. But if the encryption is asymmetric or the server knows the private key of symmetric encryption, why transfer this data in the clear? Isn't this an "empty" increase in token length?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vasily Bannikov, 2021-10-03
@ward_ua

Opened payload is needed for two things:
1. So that the client can get any information about the token without making requests to the server.
2. So that the server can work without making unnecessary requests to the authorization server or to the database.
There is a signature for authentication

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question