JWT Access Token

JWT Access Token

  • Platform
  • Evoq Content
  • Evoq Engage

The decoded access token is comprised of three parts separated by dots.


    header.payload.signature
            
Component Description
JWT header A JSON object containing the JWT protocol identifier and the signature scheme. The header is converted to a JavaScript Object Signing and Encryption (JOSE) header as UTF-8 octets and then encoded as a Base64 string. Example:

    {
     "typ":"JWT",
     "alg":"HS256"
    }
                        
JWT payload A JSON object that contains the JWT claims set (asserted information about the user) or other information. Encoded as a Base64 string. The DNN JWT claims set includes the following:
  • sid is the session id, which is fixed for the lifetime of the renewal token.
  • role is the list of roles assigned to the user. Used in authorization to determine which areas of the site the user can access.
  • iss is the portal alias of the site that issued the token.
  • exp is the expiration time of the access token. The token is rejected after this time (plus a small grace period). Expressed as Unix time.
  • nbf is the "not-before" time. The token is rejected before this time. Expressed as Unix time.
Example:

    {
     "sid":"eecb9bf34bbb4c8eb87dbba3aa1523c6",
     "role":["Administrators","Registered Users","Subscribers"],
     "iss":"testsitece.lvh.me",
     "exp":1450834762,
     "nbf":1450830862
    }
                        
JWT signature The hash/encryption of the header and payload. The encryption method is stated in the header. Encoded as a Base64 string.

The new access token is valid for one hour.

Comments

0 comments

Please sign in to leave a comment.