Wednesday, 26 May 2021

Introduction to JWT (Json Web Token)

JWT stands for Json Web Token, is a compact, URL-safe means of representing claims to be transferred between two parties. Using JWT token, you can securely transmit the information between two parties as a JSON object.

 

JWT token structure

JWT token is divided into 3 parts (Header, Payload, Signature). All the information (header, payload and signature) in JWT token is base64 encoded.

 

Example

{header}.{payload}.{signature}

 


a. Header (Represented in red color characters), it specifies the algorithm used to generate the jwt token and type of the token.




As you see above image, header specifies that this is of jwt token type and HS256 algorithm is used while signing the token.

 

b. Payload: Specifies the claims about an entity. For example, here the token specifies the claims of user Krishna.

 


In the above example, iss, exp and iat are the predefined claims in JWT specification. These predefined claims are not mandatory but recommended.

 

‘permissions’, ‘name’ and ‘doman’ are the custom claims.

c. Signature

JWT token is signed using a static secret or a public private key pair like RSA. Signed tokens are used to validate the integrity of the claims in the token.

 

Signature is calculated by apply some algorithm on header and payload, secret.

 

For example, if you want to use the HMAC SHA256 algorithm, signature is generated in the following way.

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)


How to parse the jwt token online?

Go to the website https://jwt.io/ and parse the jwt token there.

 

For example, Paste below token in the Encoded section to decode the data.

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwZXJtaXNzaW9ucyI6WyJlZGl0b3IiLCJub3RpZmllciJdLCJpc3MiOiJhdXRoMCIsIm5hbWUiOiJrcmlzaG5hIiwiZG9tYW4iOiJIUiIsImV4cCI6MTYyMjAzNjg1NSwiaWF0IjoxNjIyMDA4MDU1fQ.9b1Lux_YjP6yePCsueZ9zkrcnalD8ohmWRaVAUPtAw8


Usecases of JWT token

JWT tokens are used in

a.   Authorization

b.   Data exchange

 

I am going to use following dependency throughout the tutorial.

 

Dependency used for this tutorial

<dependency>
	<groupId>com.auth0</groupId>
	<artifactId>java-jwt</artifactId>
	<version>3.16.0</version>
</dependency>

Reference

https://tools.ietf.org/html/rfc7519


 

 

 

Previous                                                    Next                                                    Home

No comments:

Post a Comment