Understanding JWT (JSON Web Tokens) for Secure Authentication and Authorization.

This content originally appeared on DEV Community and was authored by adewaleomosanya

JSON Web Token(JWT) is a self-contained way to securely transmit data and information between two parties using a JSON object. In this article, we'll dive into the structure of JWTs and how they work.

WHAT IS JWT?
JWT (JSON Web Token) is a compact, URL-safe token used to securely transmit information between two parties. A JWT can be signed and verified, ensuring that the information is authentic and hasn't been altered.

However, JWT should be used mainly for authorization rather than authentication. In other words, JWT helps manage permissions for users who are already authenticated. Once a user logs in, the server generates a JWT containing information about the user, and the client includes this token in its requests. Each time the client sends a request, the server validates the JWT to authorize the user.

JSON Web Token Structure
A JWT has a standard structure that consists of three parts, separated by dots (.). This structure can be broken down as:
aaaaaaa.bbbbbbb.ccccccc

  1. Header (a)
  2. Payload (b)
  3. Signature (c)

Therefore, a JSON Web Token sent between the client and the server looks like the illustration above, except that instead of a's, b's and c's it contains the encoded characters unique to that specific client's token.

JWT Header

The header is the first part of a JWT. It contains two key pieces of information:

  • The algorithm used for signing (e.g., HS256, RS256)
  • The type of token (JWT)

A typical JWT header looks like this:

{
  "alg": "HS256",
  "typ": "JWT"
}

The header is then Base64Url encoded to create the first part of the JWT (a).

JWT PAYLOAD

A JWT payload consists of data. The payload's data contains claims, and there are three different types of claims:
1. Registered
2. Public
3. Private
An example of a JWT payload could be:

{
  "sub": "1234567890",
  "name": "Eric Charles",
  "given_name": "Eric",
  "family_name": "Charles",
  "email": "Ericcharles@gmail.com",
  "admin": true
}

The payload is also Base64Url encoded to create the second part of the JWT.

JWT Signature

A JWT signature is created by using the algorithm named in the header to sign the encoded header and the encoded payload with a secret.
The secret can be anything, but it is stored on the server where the client cannot access it.
The signature is the third and final part of a JWT (c).

HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  secret
)

This results in the third part of the JWT.

How JWT Works in Practice

Here’s how JWT-based authorization typically works:

  • User Logs In: The user provides their credentials, which are verified by the server.

  • JWT Issued: Upon successful authentication, the server generates a JWT and sends it back to the client. This token contains all the information needed to identify the user and their permissions.

  • Client Stores JWT: The client stores the JWT (usually in local storage or cookies).

  • Client Makes Requests: For future requests, the client sends the JWT in the Authorization header like this:

Authorization: Bearer <JWT_TOKEN>

  • Server Verifies JWT: The server verifies the JWT using the secret key. If the token is valid and hasn't expired, the server processes the request; otherwise, it rejects it.
