What is JWT (JSON Web Token)?

  • Definition:

    • JWT is a compact, URL-safe means of representing claims between two parties. It is often used for authentication and authorization in web development.

  • Structure: JWTs consist of three parts separated by dots (.):

    • Header

    • Payload

    • Signature

  • Header:

    • Contains information about how the JWT is encoded, typically specifying the type ("typ") and the signing algorithm ("alg").

  • Payload:

    • Carries the claims. Claims are statements about an entity (typically, the user) and additional data.

    • Standard claims include issuer ("iss"), subject ("sub"), expiration time ("exp"), and others.

  • Signature:

    • Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.

    • Created by signing the base64url-encoded header and payload (joined with a dot) with a secret key, using the algorithm named in the header ("alg").

  • Example JWT:

    • eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

  • Use Case:

    • Commonly used for authentication by exchanging information between parties, often after a user logs in. The token is then sent in subsequent requests to validate the user's identity and access rights.

  • Advantages:

    • Compact and self-contained.

    • Stateless and scalable.

    • Can be easily transmitted as a URL parameter, in an HTTP header, or as a cookie.

  • Security Considerations:

    • Should be transmitted over HTTPS to prevent eavesdropping.

    • Use strong, unique secret keys for signing to prevent tampering.

  • Libraries:

    • Various programming languages provide libraries for creating, decoding, and verifying JWTs.
