Be the first to like this
JSON Web Tokens, or JWTs (pronounced "jots") are an "open, industry standard RFC 7519 method for representing claims securely between two parties" -- but what does that actually *mean*? If you decode the buzzwords, you'll find JWTs solve common problems around authorization for web and mobile apps in a portable, easily implementable fashion -- and you're going to want to use them *everywhere*.
JWTs are designed to be extremely compact -- small enough to be transmitted in an HTTP header, for example -- and can be used in a variety of ways: as authorization tokens, client-side data storage, or even for the implementation of single sign on (SSO) solutions. They're based on a very simple and elegant algorithm that's easy to understand and quickly put to use. JWT implementations are available in virtually every programming language in common use for Web and mobile development.
Unfortunately, learning how to use JWTs can be complicated by the terminology that's commonly used. "Claims", "signatures", "body", "payload" -- a large part of learning how JWTs work is deciphering these buzzwords and understanding how they map onto more familiar programming terms. This talk will focus on reducing this barrier to entry and making JWTs understandable to any programmer.
This talk will cover:
* the structure of a JSON Web Token
* the algorithm for generating one
* available libraries and tooling
* some common scenarios where JWTs can be used.
Particular emphasis will be given as to when and why JWTs provide for better solutions than other methods. Attendees should come away from this talk with a full understanding of how to use JWTs for a variety of purposes, and be ready and eager to put JWTs into use in both personal and professional contexts.
Presented at OpenWest, 12 Jul 2017