JSON Web Token (JWT) authentication
GPTKB entity
Statements (50)
Predicate | Object |
---|---|
gptkbp:instanceOf | crypt |
gptkbp:advantage | scalability, statelessness, cross-domain support |
gptkbp:alternativeTo | session-based authentication, cookie-based authentication |
gptkbp:component | header, signature, payload |
gptkbp:definedIn | gptkb:RFC_7519 |
gptkbp:enables | token-based authentication |
https://www.w3.org/2000/01/rdf-schema#label | JSON Web Token (JWT) authentication |
gptkbp:involves | access token, refresh token |
gptkbp:popularLibrary | PyJWT (Python), java-jwt (Java), jsonwebtoken (Node.js), jwt-go (Go) |
gptkbp:repealedBy | blacklist, refresh token rotation, short expiration time |
gptkbp:riskFactor | token replay, token expiration, token theft, algorithm confusion attack |
gptkbp:supports | single sign-on |
gptkbp:transmittedBy | HTTP header, Authorization header, Bearer schema |
gptkbp:usedBy | gptkb:Okta, gptkb:Firebase_Authentication, gptkb:Google_Identity_Platform, gptkb:Auth0, gptkb:OAuth_2.0, gptkb:OpenID_Connect, gptkb:Amazon_Cognito, gptkb:Microsoft_Azure_AD |
gptkbp:usedFor | stateless authentication |
gptkbp:usedIn | web applications, mobile applications |
gptkbp:uses | gptkb:RSA, gptkb:JSON_Web_Token, gptkb:HMAC, public key cryptography, Elliptic Curve cryptography |
gptkbp:vulnerableTo | gptkb:XSS_attacks, token leakage, none algorithm attack |
gptkbp:bfsParent | gptkb:IBM_Db2_family |
gptkbp:bfsLayer | 7 |