Sunday, January 24, 2016

JWT: JSON Web Tokens (for Authentication & Authorization)

JSON Web Tokens - jwt.io
"JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
JWT.IO allows you to decode, verify and generate JWT."


HEADER: ALGORITHM & TOKEN TYPE
{
"alg": "HS256",
"typ": "JWT"
}

PAYLOAD: DATA
{
"sub": "1234567890",
"name": "John Doe",
"admin": true
}

VERIFY SIGNATURE
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret )

The three parts (header, payload, signature) are each base64url-encoded and separated by dots:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
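The signing rule above, as an added Python example (not code from jwt.io or from the original post). It signs the header and payload shown above with a constructed demo key, so the first two segments match the token above while the signature differs, and it builds two altered tokens that a verifier must reject. The helper names and the key are assumptions made for this example.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    # JWT segments are base64url without "=" padding
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_json(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def mac_hs256(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    signing_input = encode_json(header) + "." + encode_json(payload)
    return signing_input + "." + b64url_encode(mac_hs256(signing_input, key))

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims of a valid HS256 token; raise ValueError otherwise."""
    header_b64, payload_b64, sig_b64 = token.split(".")  # ValueError unless 3 parts
    header = json.loads(b64url_decode(header_b64))
    # The header is unauthenticated input: pin the algorithm, never dispatch on it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = mac_hs256(header_b64 + "." + payload_b64, key)
    # Constant-time comparison of the recomputed MAC with the presented one
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))

def is_valid(token: str, key: bytes) -> bool:
    try:
        verify_hs256(token, key)
        return True
    except ValueError:
        return False

# Constructed demo values: header and payload as shown above, key made up here
KEY = b"constructed-demo-key-not-from-the-page"
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"sub": "1234567890", "name": "John Doe", "admin": True}
TOKEN = sign_hs256(HEADER, PAYLOAD, KEY)
h, p, s = TOKEN.split(".")
# Same signature reused over edited claims, and under a header naming another alg
EDITED = ".".join([h, encode_json({**PAYLOAD, "sub": "0987654321"}), s])
OTHER_ALG = ".".join([encode_json({"alg": "none", "typ": "JWT"}), p, s])
```

`is_valid(TOKEN, KEY)` returns `True`; `is_valid(EDITED, KEY)` and `is_valid(OTHER_ALG, KEY)` return `False`, because the MAC covers the exact header and payload segments and the verifier accepts only `HS256`.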

course: Introduction to OAuth2, OpenID Connect and JSON Web Tokens (JWT) | Pluralsight

The Anatomy of a JSON Web Token | Scotch

JSON Web Token - Wikipedia, the free encyclopedia