JWT Based Authorization
Posted Updated tech2 minutes read (About 236 words)

JWT Based Authorization

Ref

  1. JWT
  2. JSON Web Token Tutorial: An Example in Laravel and AngularJS

Usage

  • An open standard(RFC 7519) for transmitting encrypted, digitally signed JSON object information which can be verified and trusted.
  • Most common use is putting it in the Authorization header to authenticate request identity. Also a good fit for SSO authentication.

Structure

Header.Payload.Signature

Example:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 // Header. Algorithm and type. Encoded in base64.
base64enc({  "alg": "HS256",
  "typ": "JWT"
}),
// Payload. Encoded in base64.
{ 
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true
},
// Signature.
// Use HMAC SHA256 algorithm to take the encoded header, the encoded payload, a secret, the algorithm specified in the header all together and sign that.
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)

Properties in payload part is called claims. Standard claim names see here.

The signature is used to verify the message wasn’t tampered with along the way, and, in the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is.

Example JWT

Online playground here

Things to note

  • If claim exp is not set, then the JWT token will never expire.

JWT Based Authorization

https://blog-cdt1.vercel.app/2022/10/20/JWT-Based-Authorization/

Author

Chendongtian

Posted on

2022-10-20

Updated on

2023-08-04

Licensed under

#

Like this article? Support the author with

Comments

×