What are the three components of a JWT?
Tests if you know JWT structure beyond library usage. A strong answer lists header, payload, and signature; notes Base64Url encoding; and gives a registered claim like exp. A red flag is confusing signing with encryption.
Tests if you understand JWT anatomy beyond library abstraction. A good answer identifies the JOSE header, payload, and signature, separated by dots; explains that the header carries the algorithm and token type, the payload carries registered or custom claims, and the signature verifies integrity; and names a standard claim such as exp, iat, iss, sub, or aud. A red flag is treating the signature as encryption, claiming JWTs are confidential by default, or failing to mention that the payload is merely Base64Url-encoded and readable by anyone.
Read the original → rfc-editor.org