Reputation: 927
What's use of header part of JWT token?
What's the use of header part of JWT(https://jwt.io) ? I found that if you removed that header part of it? It doesn't lose its security.
If JWT contains only two part, payload and signature: yyyy.zzzz instead of xxxx.yyyy.zzzz. You can still use the algorithm to check if yyyy matches zzzz after hashing.
Upvotes: 0
Views: 342
Answers (1)
Reputation: 39291
The header describe the cryptographic operations applied to the JWT: encryption (JWE) or signature/mac (JWS), and also could contain some additional properties like content type (cty)
The typ parameter will typically not be used by applications when it is already known that the object is a JWT. It is useful to disambiguate when the application can receive data structures that can contain JWTs
{"typ":"JWT",
"alg":"HS256"}
The alg parameter describe the algorithm used to digitally sign/MAC the JWT, and enc contains the encryption algorithm (if used JWE). This parameters can be used for JWT implementations to decode and verify the token property, but if the usage context is fixes may be ignored.
Upvotes: 2
Related Questions
- Why header and payload in the JWT token always starts with eyJ
- JWT authentication. Use "Bearer_$tokenValue" or "Bearer $tokenValue"?
- JSON Web Token (JWT): should I use response header or body for token transportation?
- Why Include Header and Payload in JWT Token?
- Why send algorithm in jwt header
- Why is there a JWT (JSON Web Token) prefix on token? Re: JsonWebTokenError: invalid token
- Why should I send token in `Authorization: Bearer ` header?
- What is the purpose of the JWT header parameter?
- Understanding JSON Web Token (JWT) in context of web authentication
- Is the JOSE Header a mandatory part of a JWT token