Week 10


JWT


Under construction

<aside> 🚧

This page is currently under construction. Please check back later.

</aside>

Implementation plan:

  1. What is JWT — a self-contained, stateless token
  2. Why JWT exists — solving the stateful session problem
  3. JWT structure: header, payload, signature
  4. How signing works — the server signs, then verifies (HMAC or RSA)
  5. Standard claims: sub, iss, exp, iat
  6. Custom claims: adding roles, user info
  7. JWT lifecycle: issuance on login, sent with each request, verification on the server
  8. Token expiration and why short-lived tokens matter
  9. Access tokens vs refresh tokens — why both exist, the refresh flow
  10. Where to store tokens on the client (localStorage vs cookies — trade-offs)
  11. JWT limitations: can't be revoked easily, token size, payload is readable (base64, not encrypted)
  12. Session-based vs JWT-based: comparison and when to use which
  13. Exercise: decode a JWT on jwt.io and identify its parts
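As an added worked example (not part of the HackYourFuture page), the mechanics behind items 3, 4, 5, 8 and 11 in plain Python with only the standard library: build the three base64url segments, sign with HMAC-SHA256, show that the payload decodes without any secret, and verify signature and `exp` on the server side. The secret and claim values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(data: bytes) -> str:
    # JWT uses base64url without '=' padding (RFC 7515 section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # restore the padding the encoder stripped
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def issue_token(claims: dict, secret: bytes) -> str:
    # header.payload is the signing input; signature = HMAC-SHA256 over it
    header = {"alg": "HS256", "typ": "JWT"}
    compact = {"separators": (",", ":")}
    signing_input = (
        b64url_encode(json.dumps(header, **compact).encode())
        + "." + b64url_encode(json.dumps(claims, **compact).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def decode_payload(token: str) -> dict:
    # No secret needed: the payload is only encoded, never encrypted,
    # so nothing confidential belongs in a JWT (item 11).
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_token(token: str, secret: bytes, now=None) -> dict:
    # The server recomputes the HMAC, compares in constant time,
    # then enforces 'exp'. Any failure rejects the token.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never trust the token's alg blindly
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if "exp" in claims and (time.time() if now is None else now) >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```

Paste a token produced by `issue_token` into jwt.io (item 13) to see the same header and payload the decoder shows, and note that only the signature check needs the secret.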

The HackYourFuture curriculum is licensed under CC BY-NC-SA 4.0 *https://hackyourfuture.net/*

Built with ❤️ by the HackYourFuture community · Thank you, contributors