The algorithm used to encode the header and payload in JSON Web Tokens (JWTs) is typically specified in the "alg" (algorithm) claim within the header of the JWT. The most common algorithms used for encoding the header and payload are various HMAC (Hash-based Message Authentication Code) algorithms, including HS256 (HMAC-SHA256). Base64 encoding, on the other hand, is commonly used to encode the resulting signature, which is created by hashing the concatenated header and payload with a secret key using the specified algorithm. The encoded header, payload, and signature are then combined with dots (.) to form the final JWT.
Assuming backend just accept request that contain token. How can handle returned token from backend to use in all request of frontend(javaFX) that send to backend? My problem is handling token in frontend.
Yes, it's possible for unauthorized parties to steal JWT tokens from a browser under certain circumstances, and then use those tokens to impersonate the legitimate user. It can be done thru XSS, MITM attacks. Use HTTPS and HttpOnly cookies to secure tokens in transit and storage. Also use short-lived JWT tokens with refresh tokens for issuing new ones. Most importantly don't store sensitive Information in JWTs, such as passwords.
@@ByteMonk This is not just your video, but a lot of videos on youtube. They do not remove the low bass frequencys of the audio, so your voice is a bit hard to hear (your english is good, its just the low frequency makes it hard to hear). So the mic picks up low frequencys like rumble, or hands on the desk etc . I do not think you need a better mic, just some eq:n :)
I am finding this channel very useful to understand various concepts. Thanks!
Very crisp and detailed, very well explained about tampering.
Greatly underappreciated content. The most clear explanation I ever gotten.
Nice correlating between the mail and structure of JWT token !!!!
Thanks! Glad you liked the analogy.
Great explanation. 👏👏
good one, keep it up
wonderful and crystal clear examples man!!
You are awesome !
Thanks
excellent
Pls make a video on rtmp streaming architecture that handle scalability
Nice, I guess some basic knowledge is required for this. If possible make much lengthy video to explain from basics with example.
8:56 why do you use algorithm HS256 to encode header and payload? not use base64 as usual?
The algorithm used to encode the header and payload in JSON Web Tokens (JWTs) is typically specified in the "alg" (algorithm) claim within the header of the JWT. The most common algorithms used for encoding the header and payload are various HMAC (Hash-based Message Authentication Code) algorithms, including HS256 (HMAC-SHA256).
Base64 encoding, on the other hand, is commonly used to encode the resulting signature, which is created by hashing the concatenated header and payload with a secret key using the specified algorithm. The encoded header, payload, and signature are then combined with dots (.) to form the final JWT.
my notes - can be used to authenticate and authorize (@7:23)
Assuming backend just accept request that contain token. How can handle returned token from backend to use in all request of frontend(javaFX) that send to backend?
My problem is handling token in frontend.
How does the Api verify the token?
API can verify the token by validating the signature
Can someone (other websites/embedded script) steal JWT token from the browser and use it on my behalf? If so, how can that be prevented?
Yes, it's possible for unauthorized parties to steal JWT tokens from a browser under certain circumstances, and then use those tokens to impersonate the legitimate user. It can be done thru XSS, MITM attacks. Use HTTPS and HttpOnly cookies to secure tokens in transit and storage. Also use short-lived JWT tokens with refresh tokens for issuing new ones. Most importantly don't store sensitive Information in JWTs, such as passwords.
your explanation is going but going fast, some time not able to catch
I could hardly understand a word of it...
thanks for the feedback, I will work on my audio, meanwhile you can also enable subtitles, they are being generated properly.
You need a or a better mic. You might think it sounds good but it don't sound professional.
I got an external mic , but I think its how I am processing my audio and its being compressed, thanks for the feedback, I will work on it
@GoatCS he sounds perfectly fine.
Nope! His sounds pretty much enough
@@ByteMonk This is not just your video, but a lot of videos on youtube. They do not remove the low bass frequencys of the audio, so your voice is a bit hard to hear (your english is good, its just the low frequency makes it hard to hear). So the mic picks up low frequencys like rumble, or hands on the desk etc . I do not think you need a better mic, just some eq:n :)
@@AndrewTSq You are right, hope the audio quality of my recent videos has gotten better, please let me know otherwise. Thank you!