digital-knowledge-garden

src

APIs

Google Calendar API

AWS

Certifications

AZ-400 Designing and Implementing Microsoft DevOps Solutions

Cloud

AWS

Services

Tools

Azure

Development

Developer Productivity

Development Environment Setup

DevOps

Documentation

DotNet

CLI

dotnet list package

Libraries

EntityFramework

Email Templates

Knowledge Sharing

Engineering Management

Change Management

Community Of Practice

Developer Experience

Effective Meetings

Engineering Management

High Performing Teams

Incident Management

Manage for Better Results

Psychological Safety

Software Development Strategy

Ways of Working

FeatureManagement

Microsoft.FeatureManagement

Frontend

Goals

Continous Learning

Continuous Improvement

Knowledge Sharing

How-to

Build and Run a Container with Docker

Change host file on Windows

Create IIS Websites

Create Self-Signed Certificate

Creating a permanent PowerShell Alias using Set-Alias

Install multiple NodeJS Versions

Measure Method Elapsed Time with CSharp

Run a tool globally on Windows

Technical Support

Performance

Security

Secure Code Warriors

Technology

Coding Exercise

Testing

Playwright using .NET

Playwright using TypeScript

Tools

Microsoft Application Inspector

Troubleshooting

Windows Terminal

Encryption

A JWT is a set of claims (JSON property–value pairs) that together make up a JSON object.

It consists of three parts:
1. Header: Consists of two properties: { "alg": "HS256", "typ": "JWT" }. alg is the algorithm that is used to encrypt the JWT.
2. Payload: This is where the data to be sent is stored; this data is stored as JSON property–value pairs.
3. Signature: This is created by encrypting, with the algorithm specified in the header:
  (i) the base64Url-encoded header,
  (ii) base64Url-encoded payload
  (iii) a secret (or a private key)
Format: {header}.{payload}.{signature}

https://openid.net/specs/draft-jones-json-web-token-07.html#ExampleJWT

Symmetric key and asymmetric keys

A JWT can be encrypted using either a symmetric key (shared secret) or asymmetric keys (the private key of a private–public pair).

Symmetric key: Both encryption (JWT signing) and verification are done with the symmetric key—also known as the shared secret.
Asymmetric keys: The encryption (JWT signing) is done with the private key, and verification is done with the public key.

Tools

https://jwt.io/
https://token.dev/

Reference
A Beginner's Guide to JWTs for more information
https://openid.net/
https://aws.amazon.com/kms/
https://altostra.com/blog/asymmetric-jwt-signing-using-aws-kms
https://security.stackexchange.com/questions/188552/amazon-aws-kms-concept-of-signing-in-general-and-with-jwt

Table Of Contents