JWT – Security with Simplicity

Posted on March 31, 2017 / April 24, 2020 by Vinod Surendran


In today’s world, security is the prime priority.

Throughout the evolution of computers, security has also evolved: from simple password-based authentication to multi-factor authentication, and from simple text encryption to two-key encryption. The latest in this evolution is JWT (JSON Web Tokens), which handles secure message passing between two clients / parties.

Why do we need JWT?

In normal token-based authentication, a token is granted to an authenticated user. All subsequent service calls use this token to identify the user. The identification takes place at the server, where the token is validated against a token store. The same is the case for SAML authentication. The idea of JWT is to make the token self-contained without losing its compact nature, so the identity also lies within the token. This reduces the time spent looking up the token store and also makes the program code straightforward.

How does JWT work?

A JWT has three parts: a header, a payload and a signature, separated by dots (.).

A typical JWT looks like this:

xxxx.yyyy.zzzz

<header>.<payload>.<signature>

1. Header

The header consists of two parts: the type of the token, which is JWT, and the signing algorithm used, e.g. HMAC SHA256 or RSA. This JSON block is base64URL encoded.

{ 
 "alg": "HS256",
 "typ": "JWT" 
}

2. Payload

This section contains information about the user along with the associated metadata. The payload can also store other relevant information, depending on the context. It is advisable to keep it as short as possible (avoid using long key values).

Like the header, the payload is also base64URL encoded.

{
 "name" : "Peter",
 "id" : "S190F34"
}

3. Signature

To create the signature, take the encoded header and the encoded payload and sign them with a secret, using the algorithm named in the header.

It will look like this:

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)

The secret can be any string agreed between the two parties. The signature is used to verify the authenticity of the message.

Finally, the JWT will look like this:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUGV0ZXIiLCJpZCI6IlMxOTBGMzQifQ.ZHMsgv28QW3wt3cnyd3pAF3Uzyw0dbzmKF9nZfH9rS8
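The signing step above and the matching verification, as an added Python example that is not code from the original post: the header and payload are the post's own, while the secret and all function names are assumptions made for the demonstration. It also shows that the payload can be read without the secret (base64URL is an encoding, not encryption) and that the verifier fixes the algorithm to HS256 instead of trusting the token's header.

```python
import base64, hashlib, hmac, json

def b64url_encode(data: bytes) -> str:
    # JWT uses base64URL with the trailing '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign(header: dict, payload: dict, secret: bytes) -> str:
    signing_input = _segment(header) + "." + _segment(payload)
    return signing_input + "." + b64url_encode(_mac(signing_input, secret))

def read_unverified(token: str) -> dict:
    # Anyone holding the token can do this: encoding is not encryption
    return json.loads(b64url_decode(token.split(".")[1]))

def verify(token: str, secret: bytes) -> dict:
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier; do not let the header choose it
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = _mac(header_b64 + "." + payload_b64, secret)
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

# Header and payload are the post's own; the secret is constructed for this demo
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"name": "Peter", "id": "S190F34"}
DEMO_SECRET = b"constructed-demo-secret-not-for-production"

if __name__ == "__main__":
    token = sign(HEADER, PAYLOAD, DEMO_SECRET)
    print(token)
    print(verify(token, DEMO_SECRET))
```

The first two segments of the generated token match the token shown above; only the signature differs, because the post's secret is not given.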

More details about JWT can be found at https://jwt.io/introduction/. You can use the jwt.io debugger to generate, decode and verify the tokens.

Posted in General
