Signing the JWT
Koppeltaal uses JWTs in several places. For the dev guide, two places are good to know about:
For that provides access to the Koppeltaal server.
For performing a using or .
JWT stands for JSON Web Token. A practical explanation of how a JWT works can be found . An important piece is:
In its compact form, JSON Web Tokens consist of three parts separated by dots (.), which are:
Header
Payload
Signature
Therefore, a JWT typically looks like the following.
xxxxx.yyyyy.zzzzz
The signing of the JWT takes place in the third part of the JWT: the signature (zzzzz in the example above). Koppeltaal uses asymmetric key pairs to sign the JWTs. The signature is computed over the header and payload using the private key of the asymmetric key pair. The public-key part is published at the endpoint. Verifying the signature with that public key proves that a JWT is signed by a party in possession of the private key. Signing the JWT is most easily performed using a JWT library for the relevant programming language.
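What a JWT library does when it signs and verifies a token, written out with Node.js's built-in crypto module as an added example (not Koppeltaal's own code). It assumes RS256 as the algorithm and uses constructed claim and key-id values; the algorithm and claims that Koppeltaal requires come from its specification.

```javascript
// Added example: compact JWT signing and verification with an RSA key pair.
const nodeCrypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Sign: "header.payload" is signed with the PRIVATE key.
// RS256 (RSASSA-PKCS1-v1_5 with SHA-256) is an assumption of this example.
function signJwt(payload, privateKey, kid) {
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Verify: only the PUBLIC key is needed. Returns the payload, or null if invalid.
function verifyJwt(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // Pin the algorithm; the token's own header must not choose it ("none", HS256, ...).
  if (header.alg !== 'RS256') return null;
  const signed = Buffer.from(`${h}.${p}`);
  if (!nodeCrypto.verify('sha256', signed, publicKey, Buffer.from(s, 'base64url'))) return null;
  // A valid signature on an expired token is still a rejected token.
  if (typeof payload.exp !== 'number' || payload.exp <= Math.floor(Date.now() / 1000)) return null;
  return payload;
}

// Constructed sample: throwaway key pair, hypothetical issuer and key id.
function demo() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = Math.floor(Date.now() / 1000);
  const token = signJwt({ iss: 'example-client', iat: now, exp: now + 300 }, privateKey, 'example-key-1');
  const [h, , s] = token.split('.');
  const altered = b64url(JSON.stringify({ iss: 'someone-else', iat: now, exp: now + 300 }));
  return {
    token,
    valid: verifyJwt(token, publicKey),                   // payload object
    tampered: verifyJwt(`${h}.${altered}.${s}`, publicKey), // null: signature no longer matches
  };
}
```
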