JWT HS256

🔥More exclusive content: https://productioncoder.com/you-decide-what-we-build-next Twitter: https://twitter.com/_jgoebel Website: https://jangoebel.com Blog: https://productioncoder.com 00:00 HS256 algorithm with JSON Web Tokens 00:42 creating a Message Authentication Code with HS256 01:32 verifying Message Authentication Codes (MAC) with HS256 and JWTs 02:04 HS256 and shared secrets HS256 is an algorithm that is used to generate the Message Authentication Code at the end of a JSON Web Token - specifically a JSON Web signature token. The idea is that you make a secret which you use to generate an HMAC out of the base64-url encoded header and the base64-url encoded claim set. The result of this HMAC operation is then also base64-url encoded and appended to the JSON Web Signature token as the last part. HS256 produces a Message Authentication Code and not a digital signature because to verify the HMAC, you need to be in possession of the same key that generated the original HMAC. HS256 is using HMAC with the SHA256 hash function to generate the Message Authentication Code. Since it is not leveraging a public key cryptosystem, it only produces a MAC and not a digital signature. At the same time, HS256 does not provide the property of non-repudiation like RS256 or HS256.