---
marp: true
theme: gaia
style: |
  section.lead h1 {
    text-align: center;
  }
  section.middle li {
    text-align: center;
  }
---
- JSON Web Token (JWT) is a standard for representing claims to be transferred between parties. It is used to recognize the user and to authorize access to protected resources without keeping the user's password or other credentials in the browser.
- A JWT comprises three parts:
  - Header: a JSON object that specifies information such as the algorithm used to generate the signature ("alg") and the token type ("typ", with the value "JWT").
  - Payload: a JSON object with a number of key-value pairs carrying application-specific information, along with information about the expiry and validity of the token.
  - Signature: a digital signature over the token, generated by combining and hashing the first two parts together with a secret key.
- The header and payload are encoded in base64url encoding. This means anyone can decode and read the header and payload, but the signature cannot be reproduced or checked without the secret key.
```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
```

- The first part is the encoded header; it can be decoded with the following command (`-n` stops `echo` from appending a newline character to the input):

```bash
echo -n "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" | base64 --decode
```

- The output is:

```json
{"alg":"HS256","typ":"JWT"}
```
- The second part is the encoded payload; it can be decoded with the following command. base64url drops the trailing `=` padding, so it is added back here (`==`) to keep `base64 --decode` from reporting invalid input:

```bash
echo -n "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ==" | base64 --decode
```

- The output is:

```json
{"sub":"1234567890","name":"John Doe","iat":1516239022}
```
- The signature is generated by combining the header and payload and hashing them with a secret key (HMAC-SHA256 in the example above, as its "alg" field says).
- Once the initial request is made, the server generates a JWT and sends it to the client.
- When the client makes a request carrying the token, the server verifies the signature; if it is valid, the request is authorized.
- HEADER: contains the algorithm used for the JWT ("alg") and the token type ("typ", with the value "JWT").
- PAYLOAD: contains non-sensitive user data, along with information about the expiry and validity of the token.
- SIGNATURE: a digital signature over the token, generated by combining and hashing the first two parts together with a secret key.
- express is a Node.js framework for building web applications.
- body-parser is a Node.js middleware for handling JSON, raw, text and URL-encoded form data.
- cookie-parser is a Node.js middleware for parsing Cookies.
```js
// Load the three packages introduced above.
const express = require('express');         // web framework
const bodyParser = require('body-parser');  // parses request bodies (JSON, raw, text, URL-encoded)
const cookieParser = require('cookie-parser'); // parses the Cookie header into req.cookies
```