In this video of code decode we have covered top 3 jwt interview questions for experienced and freshers canditates
Udemy Course of Code Decode on Microservice k8s AWS CICD link:
[ Ссылка ]
Course Description Video :
[ Ссылка ]
What is JWT?
JWT stands for JSON Web Token. It is a compact and self-contained way to represent information between two parties, typically used for securely transmitting information between a client and a server or between different services within a system. JWTs are often used in authentication and authorization scenarios.
A JWT is a string that consists of three parts separated by dots (.):
Header: The header typically consists of two parts: the token type (JWT) and the signing algorithm being used, such as HMAC SHA256 or RSA.
Payload: The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.
Signature: To create the signature part, you have to take the encoded header, encoded payload, a secret, and the algorithm specified in the header and sign that.
What kind of information should be put into JWT?
Minimize Sensitive Data: Avoid including sensitive information such as passwords or personal identification numbers in JWTs. JWTs are base64-encoded, and anyone with the token can decode and read its contents.
Keep it Compact: JWTs are meant to be compact and lightweight. Only include necessary information to avoid unnecessary overhead.
Avoid Redundancy: Some information might be redundant if it can be obtained from other sources, such as a user database.
Contextual Information: Include information that is relevant and needed for the particular interaction or use case. For authentication, including the user ID or roles might be sufficient.
Use Custom Claims: For application-specific data, use custom claims that are not predefined by the JWT standard.
What kind of information should be put into JWT?
Minimize Sensitive Data: Avoid including sensitive information such as passwords or personal identification numbers in JWTs. JWTs are base64-encoded, and anyone with the token can decode and read its contents.
Keep it Compact: JWTs are meant to be compact and lightweight. Only include necessary information to avoid unnecessary overhead.
Avoid Redundancy: Some information might be redundant if it can be obtained from other sources, such as a user database.
Contextual Information: Include information that is relevant and needed for the particular interaction or use case. For authentication, including the user ID or roles might be sufficient.
Use Custom Claims: For application-specific data, use custom claims that are not predefined by the JWT standard.
How does resource server validates a given JWT token? Does it need to go to auth server each time a token comes?
Most Asked Core Java Interview Questions and Answers: [ Ссылка ]
Advance Java Interview Questions and Answers: [ Ссылка ]
Java 8 Interview Questions and Answers: [ Ссылка ]
Hibernate Interview Questions and Answers:
[ Ссылка ]
Spring Boot Interview Questions and Answers:
[ Ссылка ]
Angular Playlist: [ Ссылка ]
SQL Playlist: [ Ссылка ]
GIT: [ Ссылка ]
Subscriber and Follow Code Decode
Subscriber Code Decode: [ Ссылка ]
LinkedIn : [ Ссылка ]
Instagram: [ Ссылка ]
#codedecode #microservicesInterviewQuestion #microservices
