
What is JSON Web Token (JWT)?

By Vedant Jain, May 24, 2021

Token-Based Authentication

Token-based authentication systems let users enter their username and password once to obtain a token, which then allows them to fetch a specific resource without entering their username and password on each request.

JSON Web Token

JWT stands for JSON Web Token. It is a way for two parties to communicate in a secured manner, and it is a standard defined in RFC 7519.

Benefits of JWT

  • More Control
  • More Secure
  • More Common
  • Easier to Process

How the JWT Works?

The client/user logs in with a username and password, which are sent to the server. The server authenticates the user and sends back a JWT created from the authenticated user's data. The user passes the JWT with each subsequent request, and the server verifies it before processing the request and letting the user proceed into their account.

JWT Structure

  • Header
  • Payload
  • Signature

Let’s take an example. A JWT is a single string, and we can see that it has 3 sections separated by dots.

Let’s take the first section of the string

Header: The header of a JWT is mostly used to describe the cryptographic operations applied to the JWT, such as the signing/decryption technique used on it. It can also contain data about the media/content type of the information we are sending.

This is the first section of the JWT string shown above. It is Base64-encoded, and we can decode it with an online Base64 decoder. After decoding, we can see the algorithm and the type.

Payload: The payload carries the data, also referred to as the ‘claims’ of the JWT. This information is readable by anyone, so it is always advised not to put any confidential information in it.

Similarly, if we Base64-decode this section, we can see the plain text of the encoded string.

Signature: The signature is a joint hash computed over the header and the payload using a secret key.

The hash algorithm used is the one already specified in the header. For security reasons, we supply our own secret key, which can also be encoded in Base64.

I hope this article gives you a kick start in understanding JSON Web Token. We will discuss more in further articles.
