12 lines
621 B
Plaintext
12 lines
621 B
Plaintext
JSON Web Token is described in https://tools.ietf.org/html/rfc7519.
|
|
Mojo::JWT implements that standard with an API that should feel
|
|
familiar to Mojolicious users (though of course it is useful
|
|
elsewhere). Indeed, JWT is much like Mojolicious::Sessions except
|
|
that the result is a url-safe text string rather than a cookie.
|
|
|
|
In JWT, the primary payload is called the claims, and a few claims
|
|
are reserved, as seen in the IETF document. The header and the
|
|
claims are signed when stringified to guard against tampering. Note
|
|
that while signed, the data is not encrypted, so don't use it to
|
|
send secrets over clear channels.
|