jwt   2253


JSON Web Token (JWT) explained
Learn the basics of JWT and how to use them
jwt 
3 hours ago by ElliotPsyIT
JWT authentication: When and how to use it
Learn when JWT is best used, when it's best to use something else, and how to prevent the most basic security issues.
authentication  jwt 
4 hours ago by program247365
JSON Web Token - Wikipedia
JSON Web Token (JWT, sometimes pronounced /dʒɒt/) is a JSON-based open standard (RFC 7519) for creating access tokens that assert some number of claims. For example, a server could generate a token that has the claim "logged in as admin" and provide that to a client. The client could then use that token to prove that it is logged in as admin.

JWT relies on other JSON-based standards: JWS (JSON Web Signature) RFC 7515 and JWE (JSON Web Encryption) RFC 7516.

Whenever the user wants to access a protected route or resource, the user agent should send the JWT, typically in the Authorization header using the Bearer schema. The content of the header might look like the following:
Authorization: Bearer eyJhbGci...<snip>...yu5CSpyHI
This is a stateless authentication mechanism as the user state is never saved in server memory.
jwt  security  json 
yesterday by jojobong
5 Easy Steps to Understanding JSON Web Tokens (JWT)
Simply put, a JWT is just a string with the following format:
header.payload.signature

- header provides instructions on how to compute the signature
- payload is json content ('claims' - name/value pairs)
- signature is a hash of base64(header) + "." + base64(data) using a secret key

Stages
- User is authenticated
- JWT is generated and returned to user
- User passes JWT when making API calls
- Application verifies and processes API call

It is important to understand that the purpose of using JWT is NOT to hide or obscure data in any way.
The reason why JWT are used is to prove that the sent data was actually created by an authentic source.
The data inside a JWT is encoded and signed, NOT encrypted.
It should also be noted that JWT should be sent over HTTPS connections (not HTTP).
jwt  security  json 
yesterday by jojobong
What is JWT ? JSON Web Token Explained
- Compact (send via URL, POST or http header)
- Fast transmission (more usable)
- Token contains all required info about user (session), no DB lookup
- Uses: authentication, information exchange
Structure (aaaa.bbbb.cccc)
- Header
- Payload
- Signature
Header
- alg(orithm)
- typ(e of webtoken)
- base64 encoded to form 'a' part
Payload
- Claims (user details/metadata)
- base64 encoded to form 'b' part
Signature
- base64 header + base64 payload + secret
- secret ensures payload cannot be manipulated in transit
Flow
1. client sends login credentials via http post
2. if valid, server generates jwt with secret
3. client sends jwt on all subsequent requests
4. signature is verified against payload
jwt  security  json 
yesterday by jojobong
JSON Web Tokens - jwt.io
live jwt demo, shows that tampering 'breaks' payload (i.e. jwt no longer verifies on server)
jwt  security  json 
2 days ago by jojobong
7 minutes: Create a Node API with JWT's (json web tokens)
authenticated login -> issue token -> expect token on subsequent requests

npm install express jsonwebtoken
var express = require('express'), jwt = require('jsonwebtoken'), app = express();
var secret = 'my_secret_key'; // load from env/config in practice, never hardcode
app.post('/api/login', function(req, res) { // after checking credentials (omitted), issue a token
  res.json({ token: jwt.sign({ user: 'alice' }, secret, { expiresIn: '1h' }) });
});
function ensureToken(req, res, next) { // copies "Authorization: Bearer <jwt>" into req.token
  var parts = (req.headers['authorization'] || '').split(' ');
  if (parts[0] === 'Bearer' && parts[1]) { req.token = parts[1]; return next(); }
  res.sendStatus(403);
}
app.get('/api/protected', ensureToken, function(req, res) { // protected route
  jwt.verify(req.token, secret, function(err, data) { // fails on a tampered or expired token
    err ? res.sendStatus(403) : res.json({ data: data });
  });
});
app.listen(3000);
node.js  jwt  security  json 
2 days ago by jojobong
How does JWT (json web token) work
Client wants to access web data on a server
Server does not trust client
Client authenticates itself against server
Server generates a token to be used by client for any subsequent request
Server validates any tokens it receives in future requests
jwt  security  json 
2 days ago by jojobong


