What header(s) are used in authentication and authorization
- We used the Authorization header to carry encoded credentials or JWTs.
What is safe to put into a JWT
- Any information that is not sensitive can be put into a JWT, because a standard JWT is only signed, not encrypted, so anyone holding the token can read its payload. If you do need to include sensitive information, encrypt it first and then send it inside the JWT.
How are JWTs validated
- JWTs are validated by their signature: the issuer signs the header and payload with a SECRET (or private key), and the server recomputes the signature with the same secret (or verifies it with the matching public key) and checks that the two match. If any part of the JWT is modified, the signature no longer matches and the token is rejected.
RBAC
- Role Based Access Control allows you to create and enforce access by assigning a set of permissions that defines what each specific user or user group can and cannot do.
User Roles
- User roles are typically defined in an access control list (ACL) and have specific permissions assigned to them. This allows general permissions to be granted to groups of people based on their role, and it scales well as the number of users grows.
JWT Token
- An open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
Which 3 things had you heard about previously and now have better clarity on?
- JWT validation, safety and RBAC
Which 3 things are you hoping to learn more about in the upcoming lecture/demo?
- JWT validation, safety and RBAC
What are you most excited about trying to implement or see how it works?
- Secure JWTs