JSON Web Token (JWT) is an open standard for secure transmission of information between two parties as a JavaScript Object Notation (JSON) object. JWT is used for authentication and authorization. Because JWT enables single sign-on (SSO), it minimizes the number of times a user has to log on to cloud applications and websites.
How JWT works
A JWT consists of three parts: a header, a payload, and a signature.
-
The header usually consists of two parts: type (typ) and algorithm (alg). The algorithm is used to generate the signature.
-
The payload is a JSON object that consists of the claims that you want to make. Claims are statements about an entity (usually the user) and additional metadata.
-
The signature is used to verify the identity of the JWT sender and to ensure that the message has not been tampered with.
Authentication is performed by verifying the signature. If the signature is valid, access is granted to Qlik Sense.
Limitations
The following limitations exist:
-
Encrypted JWTs are not supported.
-
Only the following signing algorithms are supported:
-
RS256 - RSA signature with SHA256
-
RS384 - RSA signature with SHA384
-
RS512 - RSA signature with SHA512
Learn more
-
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!