Json Web Tokens TEST

A JWT consists of threee parts:

• Header - key-value pairs containing information about the signing algorithm used.
• Payload - key-value pairs representing any arbitrary data.
• Signature - the signed representation of the payload and header data.

The header and payload are base64 encoded and concatenated with a period separator. The signature is then generated using the header and payload and a secret key. This signature is then appended to the JWT.
The payload data can be used to store information about the user or session.
The payload and header are not encrypted so can be freely viewed by anybody.
The signature is used to verify that the JWT has not been tampered with.

Json Web Keys

JWKs are a JSON representation of a public key. These can be published freely without risk and so can be requested without any authentication.
The Json Web Token payload contains an ID (kid) that can be used to lookup the corresponding JWK that should be used for signature validation.