Reading 11 Authentication - liz-kavalski-401-advanced-javascript/seattle-javascript-401n13 GitHub Wiki
Securing passwords
I'm getting a page not found from the link.
Basic Auth
A method of HTTP authentication that requires a user name and password to make a request.
What is a base64 encoding?
Has a Header
The browser needs to cache credentials for a reasonable period of time to avoid constantly prompting the user for their username and password.
HTTP does not provide a method that instructs the client to 'log out'.
There are methods to clear the cache.
Does the avoid-it-in-the-URL thing actually work?
Intro to JWT
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
What is RFC 7519?
* Signed tokens can verify the integrity of the claims contained within them, while encrypted tokens hide those claims from other parties.
* Should be used for Authorization and Information Exchange.
Has a header, payload and signature; example: xxxxx.yyyyy.zzzzz
The header has two parts: the type of token and the signing algorithm being used.
The payload, which is the claims.
Claims are statements about an entity (the user) and additional data.
There are three different types of claims: registered, public, and private claims.
Registered: a set of predefined claims which are not mandatory but recommended, to provide a set of useful, interoperable claims.
Public: these can be defined at will by those using JWTs, or be defined as a URI that contains a collision-resistant namespace.
Private: custom claims created to share information between parties that agree on using them, and that are neither registered nor public claims.
Signature is used to verify the message wasn't changed along the way, and, in the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is.
The user agent should send the JWT, normally in an Authorization header.