
All About JSON Web Token

Published
3 min read

Hello Everyone👋🏼, Hope you and your loved ones are great😇

ABBREVIATIONS

  1. JWT = JSON Web Token
  2. SAML = Security Assertion Markup Language
  3. SWT = Simple Web Token

Introduction

Here is the index of the blog:

  1. What is JWT?
  2. Why should we use JWT?
  3. When should we use JWT?
  4. Structure of JWT
  5. How does JWT work?

What exactly is JWT?

[image: jwt-first-image.png]

A JWT is a compact JSON object used to transfer information safely between two parties. The information in the JSON object can be trusted because it is digitally signed.

Now some of you might be wondering what "digitally signed" means. Let me tell you:

Digitally signed means that a message or document is hashed (encrypted) using your secret private/public key, and that message can only be decrypted using the key that was first used to encrypt the information.

Why should we use JWT?

  • JSON parsers can map a JWT directly onto an object, which makes JWT easier to work with than SAML.
  • The encoded size of a JWT is smaller than that of other tokens such as SAML or SWT, which makes JWT a good choice for passing tokens in HTTP and HTML environments.

[image: jwt-comparision-with-xml.png]

  • JWT can be processed on many platforms, including mobile devices, because JWT is used at internet scale.

When should you use JWT?

  • One of the most common uses of JWT is as an API authentication mechanism. You generate a token that encrypts information using a public/private key, and decryption is only possible with this key. You can also choose when this key expires.
  • Since a JWT is signed, these tokens can be used to securely transfer information between two servers.
  • JWT can also be used to authorize operations across servers.

Structure of JWT

[image: jwt-example.png]

A JWT is made up of three parts: the header, the payload, and the signature. We will discuss each of them:

  1. Header -> The header is the first part of the JWT and describes the cryptographic operations applied to the token, for example the signing or encryption technique used. The header may also state the content/media type of the information the sender is sending.
  2. Payload -> The payload is the second part of the JWT, where the user's or sender's data is added. Once this part is decoded, the information is present as a JSON object and is always readable, so one must not store any sensitive information in it. Any additional information you pass inside the JSON object should be small, because a JWT is meant to be compact for fast requests.
  3. Signature -> The signature is the third part of the JWT and is used to verify the authenticity of the token. To create the signature, take the encoded header, the encoded payload, the secret key, and the algorithm specified in the header, and sign with them. A header can be decoded, but a signature cannot be decoded.

How does JWT work?

A user first logs in with a username and password; if the login succeeds, a JSON token is generated. If the token contains sensitive data, you can use the expiresIn property to set the token's expiry time when signing the information.

Later, when the user wants to access a specific resource, the user must send the JWT for verification; if the JWT signature is valid, the user is granted access to that resource.

Hope I was able to explain the topic to you😄

Happy Coding👨🏼‍💻👩🏼‍💻!!