JSON Web Tokens (JWT)
•
3 likes•3,715 views
JWT (JSON Web Token) is a compact, URL-safe means of representing claims to be transferred between two parties. JWTs can be signed to provide proof of authenticity and integrity, and encrypted to provide confidentiality. A JWT typically contains header, payload, and signature. The payload holds claims about an entity and is digitally signed to protect integrity. JWTs can be passed in HTML and HTTP environments and used from lightweight clients.
![{"iss"
"sub"
"aud"
"exp"
"nbf"
"iat"
"jti"
:
:
:
:
:
:
:
"https://myserver.net",
"alice@wonderland.net",
[ "https://myapi.com", ... ],
1364293137871,
1364292537871,
1364292537871,
"165a7bab-de06-4695-a2dd-9d8d6b40e443"}
--->
eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00ifQ.K52jFwA
QJHDxMhtaq7sg5tMuot_mT5dm1DR_01wj6ZUQQhJFO02vPI44W5nDj
C5C_v4pW1UiJa3cwb5y2Rd9kSvb0ZxAqGX9c4Z4zouRU57729ML3V0
5UArUhck9ZvssfkDW1VclingL8LfagRUs2z95UkwhiZyaKpmrgqpKX
8azQFGNLBvEjXnxxoDFZIYwHOno290HOpig3aUsDxhsioweiXbeLXx
LeRsivaLwUWRUZfHRC_HGAo8KSF4gQZmeJtRgai5mz6qgbVkg7jPQy
ZFtM5_ul0UKHE2y0AtWm8IzDE_rbAV14OCRZJ6n38X5urVFFE5sdph
dGsNlA.gjI_RIFWZXJwaO9R.oaE5a0N1MW9FBkhKeKeFa5e7hxVXOu
ANZsNmBYYT8G_xlXkMD0nz4fIaGtuWd3t9XpkufvvfDxOnAs2SBX_Y
1kYGPto4mibBjIrXQEjDsKyKwndxzrutN9csmFwqWhx1sLHMpJkgsn
fLTi9yWBPKH5Krx23IhoDGoSfqOquuhxn0y0Wk](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (18)
Similar to JSON Web Tokens (JWT)
More from Vladimir Dzhuvinov
More from Vladimir Dzhuvinov (8)
Recently uploaded
Recently uploaded (20)
JSON Web Tokens (JWT)
- 1. JSON Web Token (JWT) For self-contained access and other tokens OAuth 2.0 | OpenID Connect | … Verifiable with signature, encryptable Base64URL encoded
- 2. {"iss" "sub" "aud" "exp" "nbf" "iat" "jti" : : : : : : : "https://myserver.net", "alice@wonderland.net", [ "https://myapi.com", ... ], 1364293137871, 1364292537871, 1364292537871, "165a7bab-de06-4695-a2dd-9d8d6b40e443"} ---> eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00ifQ.K52jFwA QJHDxMhtaq7sg5tMuot_mT5dm1DR_01wj6ZUQQhJFO02vPI44W5nDj C5C_v4pW1UiJa3cwb5y2Rd9kSvb0ZxAqGX9c4Z4zouRU57729ML3V0 5UArUhck9ZvssfkDW1VclingL8LfagRUs2z95UkwhiZyaKpmrgqpKX 8azQFGNLBvEjXnxxoDFZIYwHOno290HOpig3aUsDxhsioweiXbeLXx LeRsivaLwUWRUZfHRC_HGAo8KSF4gQZmeJtRgai5mz6qgbVkg7jPQy ZFtM5_ul0UKHE2y0AtWm8IzDE_rbAV14OCRZJ6n38X5urVFFE5sdph dGsNlA.gjI_RIFWZXJwaO9R.oaE5a0N1MW9FBkhKeKeFa5e7hxVXOu ANZsNmBYYT8G_xlXkMD0nz4fIaGtuWd3t9XpkufvvfDxOnAs2SBX_Y 1kYGPto4mibBjIrXQEjDsKyKwndxzrutN9csmFwqWhx1sLHMpJkgsn fLTi9yWBPKH5Krx23IhoDGoSfqOquuhxn0y0Wk
- 3. GET /protected-resource.html HTTP/1.1 Host: myapi.com Authorization Bearer eyJhbGciOiJSU0EtT0FFUC...
- 4. Resources ● Java Script Object Signing and Encryption (JOSE) IETF WG: – – JSON Web Signature (JWS) – JSON Web Encryption (JWE) – ● JSON Web Algorithms (JWA) JSON Web Keys (JWK) Nimbus JOSE+JWT library @Bitbucket: https://bitbucket.org/nimbusds/nimbus-jose-jwt/