dwyl / learn-json-web-tokens

Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!)
MIT License

Update README.md to clarify need for strong signing key #98

Closed tvanfosson closed 5 years ago

tvanfosson commented 5 years ago

The original text implied that decoding a JWT was dependent on the uniqueness of the signing key. In fact JWTs are Base-64 encoded and trivially easy to decode. This change updates it to indicate that a strong signing key makes it difficult to impossible to modify a JWT to add/change claims and generate a new, valid signature.
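
The distinction made in the comment above, as an added example that is not part of the pull request or the project's code: the claims can be read without any key, while a changed claim fails verification unless a new signature can be produced with the key. The function names, claims and key are constructed for illustration, and Node's built-in `crypto` module stands in for a JWT library.

```javascript
// Added example: constructed HS256 token; key and claims are made up.
const crypto = require("crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Sign header.payload with HMAC-SHA256 (the HS256 JWT algorithm).
function sign(payload, key) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac("sha256", key).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Reading the claims needs no key at all: the payload is only Base64url-encoded.
function decodeUnverified(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
}

// Verification recomputes the HMAC with the key and compares in constant time.
function verify(token, key) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(head, "base64url").toString("utf8")); } catch { return null; }
  if (header.alg !== "HS256") return null; // pin the algorithm, never trust the header's choice
  const expected = crypto.createHmac("sha256", key).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
}

// Change a claim but keep the old signature, which is all that is possible without the key.
function tamper(token, changes) {
  const [head, , sig] = token.split(".");
  const body = b64url(JSON.stringify({ ...decodeUnverified(token), ...changes }));
  return `${head}.${body}.${sig}`;
}

const KEY = crypto.randomBytes(32); // constructed key: 256 random bits, not a guessable string
const token = sign({ sub: "user-123", admin: false }, KEY);
const forged = tamper(token, { admin: true });
console.log(decodeUnverified(forged)); // claims are readable without the key
console.log(verify(token, KEY), verify(forged, KEY)); // original verifies, modified token is rejected
```

Because the payload is readable by anyone holding the token, it should carry no secrets; the signing key only protects integrity, which is why it must be long and random.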

codecov[bot] commented 5 years ago

Codecov Report

Merging #98 into master will not change coverage. The diff coverage is n/a.

@@          Coverage Diff          @@
##           master    #98   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files           1      1           
  Lines          97     97           
  Branches        8      8           
=====================================
  Hits           97     97

Last update 68ec8da...ab0a9a4.