JWT (JSON Web Token) is an encoded JSON token that is commonly used in REST API security for authentication and authorization. Therefore, the correct answer is D - "an encoded JSON token that is used for authentication".
Forgot that some people at the aforementioned company let's say don't have perfect English. If the manual states: " When a user authenticates with a REST API, the server generates a JWT token that contains user information, such as the user ID and access privileges. " that means it's not used for authentication , means token is THE RESULT of authentication and it means it's used for authorization
Option C could also be considered correct because JWTs are indeed used to securely exchange information, but in the specific context of REST API security, D is the most accurate answer.
JWT, or JSON Web Token, is an encoded JSON token that is used to securely exchange information. It is a compact and self-contained way for securely transmitting information between parties as a JSON object. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA. They are commonly used for authentication and authorization in REST API security
2
3
. Therefore, the correct definition of JWT in regard to REST API security is:
C. an encoded JSON token that is used to securely exchange information
Option D is not the best choice because while JWTs can be used for authentication, they are not limited to that purpose. JWTs are designed to be a compact, self-contained way of securely transmitting information between parties as a JSON object. This makes them suitable for a wide range of use cases, including authentication, authorization, and information exchange. Therefore, it is more accurate to describe JWTs as an encoded JSON token that is used to securely exchange information, rather than exclusively for authentication.
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
JWT, which stands for JSON Web Token, is a technique defined in RFC 7519 for remote authentication between two parties. It is one of the most used ways to authenticate users in RESTful APIs.
What is JSON Web Token?
JWT (JSON Web Token) is an industry standard RCT 7519 method for performing two-party authentication via a signed token that authenticates a web request. This token is a Base64 code that stores JSON objects with the data that allow authentication of the request.
https://www.devmedia.com.br/como-o-jwt-funciona/40265
this is what my AI friend says on this matter: Both statements are correct. JWTs are used to securely transmit information between parties as a JSON object . This information can include authentication and authorization data, allowing the recipient to verify the identity of the sender and determine what resources they have access to . So while JWTs can be used for securely exchanging information, they are primarily used for authentication and authorization purposes.
D. an encoded JSON token that is used for authentication
JSON Web Tokens (JWT) is an open standard for securely transmitting information between parties as a JSON object. In the context of REST API security, JWT is typically used for authentication purposes. It is a compact, URL-safe means of representing claims to be transferred between two parties.
When a user authenticates with a REST API, the server generates a JWT token that contains user information, such as the user ID and access privileges. The token is then sent to the client, typically in the form of an HTTP header, and is included in subsequent requests to the API.
The server then validates the token to ensure that it was issued by a trusted authority and that it has not been tampered with. If the token is valid, the server grants access to the requested resources. If the token is invalid or has expired, the server denies access to the resources.
Therefore, the correct definition of JWT in regard to REST API security is that it is an encoded JSON token that is used for authentication.
JSON Web Token (JWT) is an open standard ( RFC 7519 ) that defines a compact and self-contained way for securely transmitting information between parties as a JSON
I still think the answer is D. JWT provides authentication, but technically it does not in itself provide security to the information that is being exchanged, because without HTTPS (TLS), the information can still be intercepted and the JWT can be stolen. But please correct me if I'm wrong!
upvoted 3 times
...
...
...
This section is not available anymore. Please use the main Exam Page.200-301 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ciscoman021
Highly Voted 2 years agoMimon
Most Recent 1 week, 5 days agozbeugene7
6 months, 3 weeks agozbeugene7
6 months, 3 weeks agoElmir42
9 months, 1 week agoIgorLVG
9 months, 3 weeks ago[Removed]
1 year ago[Removed]
1 year, 3 months agoStarlord2535
1 year, 4 months agoPassRon
1 year, 4 months agodropspablo
1 year, 10 months agodropspablo
1 year, 10 months agoespandrews
1 year, 11 months agoespandrews
1 year, 11 months agoZortex
2 years, 1 month agodanny43213
2 years, 2 months ago[Removed]
2 years, 6 months agosplashy
2 years, 7 months agosplashy
2 years, 6 months agooatmealturkey
2 years, 2 months ago