
26/06/2023, 10:18 Box Notes

JWT (JSON Web Token) - Naveen Automation Labs

JWT (JSON Web Token) is a popular standard for authentication and authorization in API-based systems. It is a compact, self-contained token that securely carries information between parties as a JSON object.

A JWT typically consists of three components: header, payload, and signature.

Pic Courtesy: Google Images

1. Header: The header of a JWT contains information about the token's type and the signing algorithm used. It is Base64Url encoded JSON. Commonly used fields in the header include:
alg: Specifies the algorithm used for signing the token (e.g., HMAC, RSA, or ECDSA).
typ: Represents the type of token, which is typically set to "JWT".
Example:
{ "alg": "HS256", "typ": "JWT" }

2. Payload (Claims): The payload of a JWT contains the actual data or claims. Claims are statements about the entity (subject) and additional metadata. There are three types of claims: registered, public, and private.
Registered Claims: These are predefined claims defined by the JWT standard (e.g., iss for issuer, exp for expiration time, sub for subject, aud for audience).
Public Claims: These are custom claims created by the users of JWT.
Private Claims: These are custom claims used by agreed-upon parties and are not defined in the JWT specification.
Example:
{ "sub": "1234567890", "name": "Naveen AutomationLabs", "admin": true }

https://naveenautomationlabs.app.box.com/notes/1247246832486 1/3

3. Signature: The signature of a JWT is created by combining the encoded header, encoded payload, and a secret key. It ensures the integrity and authenticity of the token. The signature is used to verify that the message was not tampered with during transmission. The signing process depends on the algorithm specified in the header (alg field). The signature is appended to the token as the third part.
Example:

HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  secretKey
)

The resulting JWT looks like header.payload.signature, where each part is Base64Url encoded.
For example, a complete JWT may look like:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIi

Pic Courtesy: Google Images


JWTs are commonly used for authentication and authorization in API-based systems. The server issues a JWT to a client upon
successful authentication. The client then includes the JWT in subsequent requests as an Authorization header (e.g., Authorization:
Bearer <token>) to access protected resources. The server verifies the JWT's signature, validates the claims, and grants or denies
access based on the token's information.
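The issue-and-verify flow above, as an added example (not code from the original note): it builds an HS256 token from the header and payload shown earlier, then verifies it the way a server should, checking the header's alg against the one the server expects rather than trusting it, comparing signatures in constant time, and rejecting an expired exp claim. The secret is a constructed placeholder; b64url_encode/b64url_decode, encode_jwt, verify_jwt and check are names chosen here.

```python
import base64, hashlib, hmac, json, time
from typing import Optional, Tuple

def b64url_encode(data: bytes) -> str:
    # JWT parts use unpadded Base64Url (RFC 7515): trailing "=" is stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_jwt(payload: dict, secret: bytes) -> str:
    # header.payload.signature, each part Base64Url encoded, signed with HS256
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact({"alg": "HS256", "typ": "JWT"}) + "." + compact(payload)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_jwt(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Return the claims if the token verifies; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The server decides the algorithm and only checks the header against it,
    # so a token whose header claims "none" or another alg is rejected.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    # constant-time comparison: a wrong signature leaks nothing via timing
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature does not match")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def check(token: str, secret: bytes, now: float) -> Tuple[bool, str]:
    # (accepted, reason) form of verify_jwt, handy for tests and logging
    try:
        verify_jwt(token, secret, now)
        return True, "ok"
    except ValueError as err:
        return False, str(err)

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # placeholder, not a real key
    tok = encode_jwt({"sub": "1234567890", "name": "Naveen AutomationLabs", "admin": True}, secret)
    print(tok, check(tok, secret, now=time.time()))
```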

Pic Courtesy: metamug

Cheers!!
Naveen Khunteta
Naveen Automation Labs
https://www.linkedin.com/in/naveenkhunteta/
