Recall & Review
beginner
What are the three parts of a JWT (JSON Web Token)?
A JWT has three parts separated by dots: Header, Payload, and Signature.
Click to reveal answer
beginner
What information does the JWT Header contain?
The Header usually contains the token type (JWT) and the signing algorithm used, like HS256 or RS256.
Click to reveal answer
beginner
What is stored in the Payload of a JWT?
The Payload contains claims or data about the user and token, like user ID, expiration time, and roles.
Click to reveal answer
intermediate
What is the purpose of the Signature in a JWT?
The Signature ensures the token is not altered. It is created by signing the Header and Payload with a secret or private key.
Click to reveal answer
intermediate
Describe the typical flow of JWT in a REST API authentication.
1. User logs in and server creates a JWT.<br>2. Server sends JWT to user.<br>3. User sends JWT with each request.<br>4. Server verifies JWT signature and data.<br>5. If valid, server processes request; if not, rejects it.
Click to reveal answer
Which part of the JWT contains the user's data like user ID?
✗ Incorrect
The Payload holds the user's data and claims.
What does the Signature in a JWT protect against?
✗ Incorrect
The Signature ensures the token has not been changed.
When does the server verify the JWT?
✗ Incorrect
The server checks the JWT on every request to confirm validity.
What is the format of a JWT?
✗ Incorrect
JWT is a Base64 encoded string with Header, Payload, and Signature separated by dots.
Which algorithm might be specified in the JWT Header?
✗ Incorrect
HS256 is a common signing algorithm used in JWT headers.
Explain the structure of a JWT and what each part does.
Think about how the token is built and why each part is important.
You got /6 concepts.
Describe the flow of JWT in a REST API from login to request validation.
Imagine how a user proves who they are using the token.
You got /5 concepts.