Posts

Understanding OpenID Connect JWT Signing and Asymmetric Encryption

I have worked with OAuth and OpenID Connect a few times in the past, but a recent discussion brought to light that I didn’t really understand how it all worked. It was surprisingly difficult to hunt this down online, so I thought I would compile my research for anyone that is interested!

Quick intro to JWTs and encryption:

A JWT has the format {base64(header)}.{base64(payload)}.signature

With symmetric encryption, every client and the token provider have a shared secret, which is used to hash the payload into a signature. Clients calculate the signature of the payload and verify that the signature matches.

With asymmetric encryption, the token provider keeps a private key and publishes a public key. The token provider hashes the payload and encrypts the hash into a signature. Clients use the public key to decrypt the signature and verify that it matches the hash of the payload.

The following attempts to explain how an OpenID Connect token provider digitally signs auth tokens, an
Recent posts

Professional Scrum Master I (PSM I) from Scrum.org Notes and Tips for passing

I just took and passed the Scrum.org Professional Scrum Master (PSM) I exam located at https://www.scrum.org/Assessments/Professional-Scrum-Master-Assessments/PSM-I-Assessment

My Agile background: I had only been on one Agile team in my career for the 2 months prior to taking the exam. I have read The Agile Samurai by Jonathan Rasmusson as part of an HMB book club years ago (not sure how much that helped for this exam).

My preparation (a couple days...):

Read both of these in their entirety (both are free and only about 20 pages):
The Scrum Master Training Manual https://amzn.com/B00V6468AU
The official Scrum Guide: http://www.scrumguides.org/

Take the practice exam: https://www.scrum.org/Assessments/Open-Assessments

About the test: 80 questions, 60 minutes - I was a little distracted when I took it at the office, but I took the entire 60 minutes down to the last few seconds and didn't have time to review my bookmarked questions. Make sure you have a s