Tag: jwt

How big can you make a JWT?

There’s been a lot of JWT-related discussion at work lately, and today I wondered how big is too big for a JWT to fit through an HTTP header. The HTTP spec doesn’t really impose a limit, but most servers do set a limit that ranges between 8K and 16K bytes. I figured I can […]

Stateful vs Stateless JWTs

JSON Web Tokens (JWTs) are cryptographically signed JSON objects. The cryptographic signature is what provides the trust guarantees, since consumers of a JWT can verify the signature using a public key. There are two types of JWTs: stateful and stateless. Stateless JWTs are probably the most common kind. All the information needed by the […]

Why can’t you tamper with a JWT?

JWT tokens are a very popular way of transmitting claims information between systems. They’re based on a public key system so that the claims can be verified and the verifier can be confident that the claim was issued by a trusted entity. Microservice architectures will commonly use the claims to perform access control. For example, […]