JSON Web Token (JWT) authentication
GPTKB entity
Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
crypt
|
| gptkbp:advantage |
scalability
statelessness cross-domain support |
| gptkbp:alternativeTo |
session-based authentication
cookie-based authentication |
| gptkbp:component |
header
signature payload |
| gptkbp:definedIn |
gptkb:RFC_7519
|
| gptkbp:enables |
token-based authentication
|
| https://www.w3.org/2000/01/rdf-schema#label |
JSON Web Token (JWT) authentication
|
| gptkbp:involves |
access token
refresh token |
| gptkbp:popularLibrary |
PyJWT (Python)
java-jwt (Java) jsonwebtoken (Node.js) jwt-go (Go) |
| gptkbp:repealedBy |
blacklist
refresh token rotation short expiration time |
| gptkbp:riskFactor |
token replay
token expiration token theft algorithm confusion attack |
| gptkbp:supports |
single sign-on
|
| gptkbp:transmittedBy |
HTTP header
Authorization header Bearer schema |
| gptkbp:usedBy |
gptkb:Okta
gptkb:Firebase_Authentication gptkb:Google_Identity_Platform gptkb:Auth0 gptkb:OAuth_2.0 gptkb:OpenID_Connect gptkb:Amazon_Cognito gptkb:Microsoft_Azure_AD |
| gptkbp:usedFor |
stateless authentication
|
| gptkbp:usedIn |
web applications
mobile applications |
| gptkbp:uses |
gptkb:RSA
gptkb:JSON_Web_Token gptkb:HMAC public key cryptography Elliptic Curve cryptography |
| gptkbp:vulnerableTo |
gptkb:XSS_attacks
token leakage none algorithm attack |
| gptkbp:bfsParent |
gptkb:IBM_Db2_family
|
| gptkbp:bfsLayer |
7
|