JSON Web Token (JWT) authentication

GPTKB entity

Statements (50)
Predicate Object
gptkbp:instanceOf crypt
gptkbp:advantage scalability; statelessness; cross-domain support
gptkbp:alternativeTo session-based authentication; cookie-based authentication
gptkbp:component header; signature; payload
gptkbp:definedIn gptkb:RFC_7519
gptkbp:enables token-based authentication
https://www.w3.org/2000/01/rdf-schema#label JSON Web Token (JWT) authentication
gptkbp:involves access token; refresh token
gptkbp:popularLibrary PyJWT (Python); java-jwt (Java); jsonwebtoken (Node.js); jwt-go (Go)
gptkbp:repealedBy blacklist; refresh token rotation; short expiration time
gptkbp:riskFactor token replay; token expiration; token theft; algorithm confusion attack
gptkbp:supports single sign-on
gptkbp:transmittedBy HTTP header; Authorization header; Bearer schema
gptkbp:usedBy gptkb:Okta; gptkb:Firebase_Authentication; gptkb:Google_Identity_Platform; gptkb:Auth0; gptkb:OAuth_2.0; gptkb:OpenID_Connect; gptkb:Amazon_Cognito; gptkb:Microsoft_Azure_AD
gptkbp:usedFor stateless authentication
gptkbp:usedIn web applications; mobile applications
gptkbp:uses gptkb:RSA; gptkb:JSON_Web_Token; gptkb:HMAC; public key cryptography; Elliptic Curve cryptography
gptkbp:vulnerableTo gptkb:XSS_attacks; token leakage; none algorithm attack
gptkbp:bfsParent gptkb:IBM_Db2_family
gptkbp:bfsLayer 7