JWT stands for JSON Web Token. In simple words, it is an effective way of transmitting information between parties on the internet.
Let us first try to understand the purpose of tokens in general with an analogy: buying something at a candy shop. You first pay at the counter for the items you want; the shop owner then gives you a coin or a rectangular token, which you take to the vendor, who verifies the token and hands over your items only if it is valid.
A few points to note in this example:
- The shop owner's only duty is to receive payment for the items the customer asked for and then hand him a token, which in effect authorizes him to collect those items.
- The shop vendor's duty is to verify the token and hand over the items. If you produce a token he does not recognize, he denies your request.
Similarly, in most of today's web application implementations, the authentication server and the resource server are maintained separately. The job of the authentication server is to authenticate a user once (perhaps using his username and password) and provide him with a token (serving as a delegated access permission), which can then be presented to the resource server to get access to the requested resources. Obviously, the resource server first verifies that the token was granted by a legitimate authentication server.
JWT is one of the ways in which a server can generate such a token. Incidentally, as per the OpenID Connect specification, the ID Token can only be generated in JWT format.
Let's dig a little deeper into the format of a JWT:
- It is a string value with three parts, separated by '.'
Example:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
- Part 1: A Base64URL-encoded JSON object, the header, typically providing some metadata about the token.
Example:
{
  "alg": "RS256",
  "typ": "JWT"
}
Here, alg (the algorithm used to sign the JWT) and typ (the type of the token) are reserved header names.
- Part 2: A Base64URL-encoded JSON object referred to as the claims. It carries the user information.
Example:
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}
Note that the keys 'sub' (subject: the technical identifier of the user) and 'iat' (issued at: the time the token was issued) are reserved claim names. One can also use private or public claims as long as they do not clash with the reserved claims.
- Part 3: The message authentication code (MAC), also called the digital signature. It is created by running some algorithm over the header and payload to produce a string. Two of the best-known algorithms are:
- HS256: At a high level it combines the header, the payload and a secret key (specific to the client) and hashes them together using a cryptographic hash function (e.g. SHA-256) to produce an irreversible string value (contrary to encryption, which can be decrypted). The resource server is also in possession of the same secret key, which it can use to regenerate the signature and so verify the authenticity of the token.
- RS256: One drawback of the above algorithm is that both the authentication server and the resource server need to hold the client's secret key for verification, which is an overhead and somewhat risky, since the secret must be safeguarded in multiple places. RS256 signatures use a particular type of key, RSA keys. RSA is the name of an encryption/decryption algorithm that takes one key to encrypt and a second key to decrypt, so the authentication server signs with the private key while the resource server only needs the corresponding public key to verify.
Note that RSA is not a hash function, because by definition the output of encryption can be reversed to get back the initial input. In RS256 we take the header and the payload and encrypt them using RSA with the private key.
However, RSA encryption is a little slow, so where the payload is considerably large we might want to use a hybrid algorithm like RSA-SHA256, which combines the benefits of the SHA-256 hash function, hashing the header and payload first (which reduces the size of the data), and then encrypting the result with the RSA private key. The decoded signature part of a typical JWT would look something like:
RSASHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  -----BEGIN PRIVATE KEY-----
  some valid RSA private key
  -----END PRIVATE KEY-----
)
(The resource server checks this signature with the matching public key; the private key never leaves the authentication server.)
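As an added example (not code from the original post), the HS256 mechanics described above in standard-library Python: Base64URL-encode the header and claims, compute HMAC-SHA256 over "header.payload" with the shared secret, and verify a received token by recomputing the MAC and comparing it in constant time. It assumes the sample token in the post is jwt.io's default, signed with the secret "your-256-bit-secret"; the swap_claims helper is constructed here to show what a tampered token looks like to the verifier.

```python
import base64
import hashlib
import hmac
import json

# The three-part token shown in the post; assumed to be jwt.io's sample,
# signed with the secret "your-256-bit-secret".
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
              "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
PAGE_SECRET = b"your-256-bit-secret"


def b64url_encode(data: bytes) -> str:
    # JWT uses the URL-safe alphabet with the '=' padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding that JWT strips before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256_sign(header: dict, payload: dict, secret: bytes) -> str:
    # Part 3 is HMAC-SHA256 over "base64url(header).base64url(payload)".
    def compact(obj):  # no whitespace, matching the encoding used in the sample token
        return json.dumps(obj, separators=(",", ":")).encode()
    signing_input = b64url_encode(compact(header)) + "." + b64url_encode(compact(payload))
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def hs256_verify(token: str, secret: bytes):
    # Returns the claims dict only if the token is well formed, declares HS256
    # and carries a MAC that matches the shared secret; otherwise returns None.
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad Base64URL or bad JSON
        return None
    if header.get("alg") != "HS256":  # the verifier, not the token, fixes the algorithm
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    return json.loads(b64url_decode(payload_b64))


def swap_claims(token: str, new_payload: dict) -> str:
    # Keep header and signature but replace the claims: a tampered token must fail verification.
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url_encode(json.dumps(new_payload).encode())}.{sig_b64}"
```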