Understanding JSON Web Tokens (JWT) in Web Development

Slide Note
Embed
Share

JSON Web Tokens (JWT) are a simple and commonly used type of token that is self-contained, meaning the data is stored within the token itself. They consist of three parts: Header, Payload, and Signature. JWTs are signed by the server using a secret key, allowing clients to read the data without being able to modify it. This technology provides a secure way to transmit information between parties in a web application. Claim names play a vital role in organizing and identifying the data within JWTs.

sigmund
sigmund Follow

Uploaded on Aug 01, 2024 | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. JSON WEB TOKENS Peter Larsson-Green J nk ping University Autumn 2018

  2. JSON WEB TOKENS A simple and commonly used type of token. Specification: https://tools.ietf.org/html/rfc7519 Abbreviated JWT (announced jot). Is Self-Contained. The data is stored in the token (nothing is stored on the server). The client can read the data, but not change it. The server "signs" the data by hashing it with a secret (the hash is part of the token). The data is stored in JSON format.

  3. JSON WEB TOKENS Same as "alg" in the header! Consists of three parts. Header Payload Signature HMACSHA256( base64UrlEncode(header) +"."+ base64UrlEncode(payload), "server-secret" ) { { "alg": "HS256", "typ": "JWT" "exp": 1472840818, "name": "Betty", "admin": true } } base64UrlEncode( ) base64UrlEncode( ) aaaaaaaaaaaaaa.bbbbbbbbbbbbbbbb.ccccccccccccccc

  4. EXAMPLE Playground: https://jwt.io

  5. CLAIM NAMES The payload/data in the token consists of claims (key-value pairs). Some Registered Claim Names: iss - Issuer, identifies the one creating the token. sub - Subject, identifies the user accepting the token to be created. aud - Audience, identifies the client the token is intended for. iat - Issued At, timestamp for when the token was created. exp - Expired, timestamp for when the token expires. Public Claim Names: Add to IANA JSON Web Token Registry. Use a URI as name (your own domain). Private Claim Names: Use any name you want (can collide with names others use).

Related


Secure Your Angular App Using JWT and GraphQL

Secure Your Angular App Using JWT and GraphQL

keon511
Understanding JSON in Computer Science - Fundamentals and Applications

Understanding JSON in Computer Science - Fundamentals and Applications

gingerich_k
Exploring Experiments with Consuming JSON-LD and Primo's Linked Data

Exploring Experiments with Consuming JSON-LD and Primo's Linked Data

katheryn
Understanding User Identity and Access Tokens in Windows Security

Understanding User Identity and Access Tokens in Windows Security

lkyi
Integrating Hashicorp Vault with HTCondor for Secure Oauth Credential Management

Integrating Hashicorp Vault with HTCondor for Secure Oauth Credential Management

cmal
Understanding Session Management Challenges in Web Applications

Understanding Session Management Challenges in Web Applications

yahm_77
CAS 6.0 Update: Enhancements and New Features

CAS 6.0 Update: Enhancements and New Features

verbeck_l
Understanding JSON-LD Component in AEM Theme Management Committee

Understanding JSON-LD Component in AEM Theme Management Committee

alder
Understanding Ethereum Token Standards: ERC-20, ERC-721, and ERC-1155

Understanding Ethereum Token Standards: ERC-20, ERC-721, and ERC-1155

henley
Understanding LL(1) Grammars and Computing First & Follow Sets

Understanding LL(1) Grammars and Computing First & Follow Sets

beaut
ELECTRA: Pre-Training Text Encoders as Discriminators

ELECTRA: Pre-Training Text Encoders as Discriminators

zakariyah
Reactive Tokens and Prosodic Features in Korean Conversation Analysis

Reactive Tokens and Prosodic Features in Korean Conversation Analysis

prer879
Basic Web Security Model for Secure Electronic Commerce

Basic Web Security Model for Secure Electronic Commerce

ezikiel
Insights from OpenID Connect Success

Insights from OpenID Connect Success

aragon
Understanding APIs in Software Engineering

Understanding APIs in Software Engineering

dslag
Understanding REST in Delphi: A Comprehensive Overview

Understanding REST in Delphi: A Comprehensive Overview

lesl_353
Server-Side Technologies and Security Vulnerabilities in Mobile Services

Server-Side Technologies and Security Vulnerabilities in Mobile Services

alaysha
Overview of ASP.NET Tag Helpers in Web Applications

Overview of ASP.NET Tag Helpers in Web Applications

alg_sch
Introduction to Spring MVC with Template Engine

Introduction to Spring MVC with Template Engine

tayv_50
Comprehensive Software Testing Techniques and Agile Methodologies

Comprehensive Software Testing Techniques and Agile Methodologies

luid367
Understanding OpenID Federation for Trust Establishment

Understanding OpenID Federation for Trust Establishment

willem
Introduction to Web Development and Tools for Success

Introduction to Web Development and Tools for Success

nas_arq
Understanding Internet Basics and Web Browsers

Understanding Internet Basics and Web Browsers

riur595
Evolution of Freebase and the Google Knowledge Graph

Evolution of Freebase and the Google Knowledge Graph

alessandro

More Related Content