2. Babel Coder
AUTHENTICATION & AUTHORIZATION
[Diagram: Authentication, Articles, Authorization]
Authentication is the process of ascertaining that somebody really is who he claims to be.
Authorization refers to rules that determine who is allowed to do what.
4. Babel Coder
JSON WEB TOKEN
<HEADER>.<PAYLOAD>.<SIGNATURE>
JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for
creating access tokens that assert some number of claims.
Header
{
  "alg": "HS256",
  "typ": "JWT"
}
base64UrlEncode: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true
}
base64UrlEncode: eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9
Signature
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret
)
5. Babel Coder
PAYLOAD
sub (Subject): This holds the identifier for the token
iat (Issued At): When the token was issued (unix timestamp)
exp (Expiry): The token expiry date (unix timestamp)
iss (Issuer): The issuer of the token