fix superfluous word 'token' when writing JWT (#7426)

pull/7427/head
Abdul Samad Shaikh 1 month ago committed by GitHub
parent 9b952b9afe
commit 2571a7c52e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. public/roadmap-content/full-stack.json (4 changes)
  2. src/data/best-practices/api-security/api-security.json (4 changes)
  3. src/data/best-practices/api-security/content/jwt-algorithm.md (2 changes)
  4. src/data/best-practices/api-security/content/jwt-payload.md (2 changes)
  5. src/data/best-practices/api-security/content/payload-size.md (2 changes)
  6. src/data/guides/backend-project-ideas.md (4 changes)
  7. src/data/projects/expense-tracker-api.md (2 changes)
  8. src/data/projects/fitness-workout-tracker.md (2 changes)
  9. src/data/projects/image-processing-service.md (8 changes)
  10. src/data/projects/todo-list-api.md (2 changes)
  11. src/data/roadmaps/full-stack/content/jwt-auth@vHojhJYjiN0IwruEqi1Dv.md (2 changes)

@ -381,7 +381,7 @@
}, },
"vHojhJYjiN0IwruEqi1Dv": { "vHojhJYjiN0IwruEqi1Dv": {
"title": "JWT Auth", "title": "JWT Auth",
"description": "JWT stands for JSON Web Token is a token-based encryption open standard/methodology that is used to transfer information securely as a JSON object. Clients and Servers use JWT to securely share information, with the JWT containing encoded JSON objects and claims. JWT tokens are designed to be compact, safe to use within URLs, and ideal for SSO contexts.\n\nVisit the following resources to learn more:", "description": "JWT stands for JSON Web Token is a token-based encryption open standard/methodology that is used to transfer information securely as a JSON object. Clients and Servers use JWT to securely share information, with the JWT containing encoded JSON objects and claims. JWTs are designed to be compact, safe to use within URLs, and ideal for SSO contexts.\n\nVisit the following resources to learn more:",
"links": [ "links": [
{ {
"title": "jwt.io Website", "title": "jwt.io Website",
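Review bot: The changed "description" string still calls JWT a "token-based encryption open standard", which sits badly next to the jwt-payload.md text in this same commit warning against sensitive data in the payload. A JWT is normally signed, not encrypted, and its claims are only encoded. Since this line is already being edited, suggest replacing "encryption" with wording that says the claims are encoded and signed.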
@ -874,4 +874,4 @@
"description": "If you remember, earlier in the roadmap, you manually logged into the AWS console and had to setup the services. Now that you know terraform, go ahead and automate the process of creating the infrastructure for your application using terraform and with that your deployments will be fully automated i.e., you should have:\n\n* Infrastructure setup using terraform\n* Provisioning using Ansible\n* CI/CD using GitHub Actions\n* Monitoring using Monit\n\nAnd that is it! You have successfully completed the roadmap and are now a full-stack developer. Congratulations! 🎉\n\nWhat's next?\n------------\n\nGo ahead and build something cool! Share your learnings with the community and help others learn as well. If you have any questions, feel free to join our [discord server](https://roadmap.sh/discord) and ask away!", "description": "If you remember, earlier in the roadmap, you manually logged into the AWS console and had to setup the services. Now that you know terraform, go ahead and automate the process of creating the infrastructure for your application using terraform and with that your deployments will be fully automated i.e., you should have:\n\n* Infrastructure setup using terraform\n* Provisioning using Ansible\n* CI/CD using GitHub Actions\n* Monitoring using Monit\n\nAnd that is it! You have successfully completed the roadmap and are now a full-stack developer. Congratulations! 🎉\n\nWhat's next?\n------------\n\nGo ahead and build something cool! Share your learnings with the community and help others learn as well. If you have any questions, feel free to join our [discord server](https://roadmap.sh/discord) and ask away!",
"links": [] "links": []
} }
} }
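Review bot: Both sides of this hunk are identical as rendered, so whatever changed at the end of the file (most likely only the trailing newline) is unrelated to removing the word "token". Suggest reverting it, or mentioning it in the commit message, so the diff stays limited to the wording fix.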

@ -1368,7 +1368,7 @@
"y": "0", "y": "0",
"properties": { "properties": {
"size": "20", "size": "20",
"text": "Keep the payload small to reduce the size of the JWT token" "text": "Keep the payload small to reduce the size of the JWT"
} }
} }
] ]
@ -4374,4 +4374,4 @@
}, },
"dependencies": [], "dependencies": [],
"projectID": "file:///Users/dan/Library/Application%20Support/Balsamiq%20Wireframes/UnsavedFiles/New%20Project%201.bmpr" "projectID": "file:///Users/dan/Library/Application%20Support/Balsamiq%20Wireframes/UnsavedFiles/New%20Project%201.bmpr"
} }
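Review bot: The "projectID" context line in this hunk carries a contributor's local path, "file:///Users/dan/Library/Application%20Support/Balsamiq%20Wireframes/...", which publishes a user name and home-directory layout in a shipped JSON file. The hunk shows no wording change of its own, so if the file is being rewritten anyway, suggest replacing that value with a neutral placeholder in a follow-up.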

@ -2,4 +2,4 @@
> Do not extract the algorithm from the header, use backend. > Do not extract the algorithm from the header, use backend.
Extracting the algorithm from the header of a JWT token can pose a security risk, as an attacker could modify the algorithm and potentially gain unauthorized access. It is therefore recommended to verify the algorithm on the backend rather than extracting it from the header. This can help ensure that the algorithm used to sign and verify the token is secure and has not been tampered with. Extracting the algorithm from the header of a JWT can pose a security risk, as an attacker could modify the algorithm and potentially gain unauthorized access. It is therefore recommended to verify the algorithm on the backend rather than extracting it from the header. This can help ensure that the algorithm used to sign and verify the token is secure and has not been tampered with.
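Review bot: "verify the algorithm on the backend" in the changed paragraph is still too vague to act on, and a reader could take it to mean that checking the header value is enough. Suggest saying that the backend fixes the accepted algorithm (or a short allowlist) in its own configuration, passes it to the verification call, and rejects any token whose header names a different one.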

@ -2,4 +2,4 @@
> Avoid storing sensitive data in JWT payload > Avoid storing sensitive data in JWT payload
Storing sensitive data in a JWT token payload can increase the risk of data breaches and other security incidents. If an attacker is able to obtain or tamper with the token, they could potentially access the sensitive data stored in the payload. Storing sensitive data in a JWT payload can increase the risk of data breaches and other security incidents. If an attacker is able to obtain or tamper with the token, they could potentially access the sensitive data stored in the payload.
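Review bot: "obtain or tamper with the token" in the changed sentence implies an attacker has to do something to the token before reading it, but the JWT Auth description in this same commit says the JWT contains "encoded JSON objects and claims", and encoded is not encrypted. Suggest dropping "or tamper with" and stating that anyone who holds a signed JWT can read its payload, which is the reason to keep sensitive data out of it.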

@ -1,5 +1,5 @@
# JWT Payload Size # JWT Payload Size
> Avoid storing large payloads in JWT tokens > Avoid storing large payloads in JWTs
A smaller payload can reduce network overhead, improve processing speed, and decrease the risk of attacks aimed at overloading the system. A smaller payload can reduce network overhead, improve processing speed, and decrease the risk of attacks aimed at overloading the system.

@ -104,7 +104,7 @@ At the same time, when you “set” the value in the cache, you can also give i
For the last of our “easy” backend projects, let’s cover one more API, an expense tracker API. This API should let you: For the last of our “easy” backend projects, let’s cover one more API, an expense tracker API. This API should let you:
- Sign up as a new user. - Sign up as a new user.
- Generate and validate JWT tokens for handling authentication and user session. - Generate and validate JWTs for handling authentication and user session.
- List and filter your past expenses. You can add the following filters: - List and filter your past expenses. You can add the following filters:
- Past week. - Past week.
- Last month. - Last month.
@ -205,7 +205,7 @@ For this one, you’ll have to keep in mind everything we’ve been covering so
With that in mind, let’s take a look at the responsibilities of this system: With that in mind, let’s take a look at the responsibilities of this system:
- JWT token creation and validation to handle authorization. - JWT creation and validation to handle authorization.
- Ability to create new users. - Ability to create new users.
- Shopping cart management, which involves payment gateway integration as well. - Shopping cart management, which involves payment gateway integration as well.
- Product listings. - Product listings.

@ -32,7 +32,7 @@ Build an API for an expense tracker application. This API should allow users to
Here are the features that you should implement in your Expense Tracker API: Here are the features that you should implement in your Expense Tracker API:
- Sign up as a new user. - Sign up as a new user.
- Generate and validate JWT tokens for handling authentication and user session. - Generate and validate JWTs for handling authentication and user session.
- List and filter your past expenses. You can add the following filters: - List and filter your past expenses. You can add the following filters:
- Past week - Past week
- Past month - Past month

@ -37,7 +37,7 @@ You should write a data seeder to populate the database with a list of exercises
### User Authentication and Authorization ### User Authentication and Authorization
Users will be able to sign up, log in, and log out of the application. You should use JWT tokens for authentication and authorization. Only authenticated users should be able to create, update, and delete workout plans. Needless to say, users should only be able to access their own workout plans. Users will be able to sign up, log in, and log out of the application. You should use JWTs for authentication and authorization. Only authenticated users should be able to create, update, and delete workout plans. Needless to say, users should only be able to access their own workout plans.
- **Sign-Up**: Allow users to create an account. - **Sign-Up**: Allow users to create an account.
- **Login**: Allow users to log in to their account. - **Login**: Allow users to log in to their account.

@ -35,7 +35,7 @@ Here is the list of features that you should implement in this project:
- **Sign-Up**: Allow users to create an account. - **Sign-Up**: Allow users to create an account.
- **Log-In**: Allow users to log into their account. - **Log-In**: Allow users to log into their account.
- **JWT Authentication**: Secure endpoints using JWT tokens for authenticated access. - **JWT Authentication**: Secure endpoints using JWTs for authenticated access.
### Image Management ### Image Management
@ -75,7 +75,7 @@ POST /register
"password": "password123" "password": "password123"
} }
``` ```
Response should be the user object with a JWT token. Response should be the user object with a JWT.
Log in an existing user: Log in an existing user:
@ -86,7 +86,7 @@ POST /login
"password": "password123" "password": "password123"
} }
``` ```
Response should be the user object with a JWT token. Response should be the user object with a JWT.
### Image Management Endpoints ### Image Management Endpoints
@ -149,4 +149,4 @@ GET /images?page=1&limit=10
<hr /> <hr />
This project will help you understand how to build a scalable image processing service with user authentication and image transformation capabilities. You can use this project to showcase your backend development skills and learn about image processing techniques. This project will help you understand how to build a scalable image processing service with user authentication and image transformation capabilities. You can use this project to showcase your backend development skills and learn about image processing techniques.

@ -77,7 +77,7 @@ This will validate the given details, make sure the email is unique and store th
} }
``` ```
The token can either be a JWT token or a random string that can be used for authentication. We leave it up to you to decide the implementation details. The token can either be a JWT or a random string that can be used for authentication. We leave it up to you to decide the implementation details.
### User Login ### User Login

@ -1,6 +1,6 @@
# JWT # JWT
JWT stands for JSON Web Token is a token-based encryption open standard/methodology that is used to transfer information securely as a JSON object. Clients and Servers use JWT to securely share information, with the JWT containing encoded JSON objects and claims. JWT tokens are designed to be compact, safe to use within URLs, and ideal for SSO contexts. JWT stands for JSON Web Token is a token-based encryption open standard/methodology that is used to transfer information securely as a JSON object. Clients and Servers use JWT to securely share information, with the JWT containing encoded JSON objects and claims. JWTs are designed to be compact, safe to use within URLs, and ideal for SSO contexts.
Visit the following resources to learn more: Visit the following resources to learn more:
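Review bot: The opening of the changed paragraph, "JWT stands for JSON Web Token is a token-based ...", is a run-on that this wording pass leaves in place, and the same paragraph is duplicated in the full-stack.json description earlier in the commit. Suggest splitting it ("JWT stands for JSON Web Token. It is ...") and applying the fix to both copies so they do not drift apart.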
