JSON Web Token (JWT)
Prashant Walke
Overview
What is JSON Web Token?
JSON Web Tokens Uses
● Authorization
● Information Exchange
How do JSON Web Tokens work?
What is JSON Web Token?
● JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
● This information can be verified and trusted because it is digitally signed.
● JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
JSON Web Tokens Uses
Authorization
● Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token.
Information Exchange
● JSON Web Tokens are a good way of securely transmitting information between parties.
Why should we use JSON Web Tokens?
● Security - Securely transmitting information between parties using public/private key pairs.
● Ease - Ease of client-side processing of the JSON Web Token on multiple platforms, especially mobile.
● Compact - Because of its size, it can be sent through a URL, a POST parameter, or inside an HTTP header. Additionally, due to its size its transmission is fast.
● Self-Contained - The payload contains all the required information about the user, to avoid querying the database more than once.
How do JSON Web Tokens work?
JWT format
header.payload.signature
● Header - consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
For example:
{
  "alg": "HS256",
  "typ": "JWT"
}
JWT format
header.payload.signature
● Payload - Contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.
For example:
{
  "user_id": "4"
}
JWT format
header.payload.signature
● Signature - To create the signature part you have to take the encoded header, the encoded payload, a secret, and the algorithm specified in the header, and sign that.
For example (HMAC SHA256 algorithm):
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)
JWT format
(Diagram: User, Authentication Server and Application Server)
1. User signs in to the Authentication Server (username/password).
2. User authenticated; JWT ({header.payload.signature}) created and returned to the user.
3. User passes the JWT to the Application Server when making API calls.
4. Application verifies the JWT and processes the API call.
JWT to verify the authenticity of a user
● The user first signs into the authentication server using the authentication server’s login system (e.g. username and password, Facebook login, Google login, Twitter etc.).
● The authentication server then creates the JWT and sends it to the user.
● When the user makes API calls to the application, the user passes the JWT along with the API call.
● In this setup, the application server would be configured to verify that incoming JWTs were created by the authentication server.
● When the user makes API calls with the attached JWT, the application can use the JWT to verify that the API call is coming from an authenticated user.
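The signing recipe on the "Signature" slide and the two-server flow just described, worked through end to end as an added example in Python. This is not code from the original deck; it assumes a single HS256 secret (the constructed SECRET value) shared by the authentication server and the application server, uses only the standard library, and the names create_jwt, verify_jwt, b64url_encode and the optional now parameter are this example's own. Because the deck's payload example {"user_id": "4"} carries no expiry, the issuing side here adds the registered iat and exp claims so the verifying side can reject stale tokens.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret shared by the authentication server and the
# application server; a real deployment loads it from a secrets store.
SECRET = b"demo-shared-secret-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode: restore the padding, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def create_jwt(claims: dict, secret: bytes, ttl_seconds: int = 300,
               now: Optional[int] = None) -> str:
    """Authentication-server side: build header.payload.signature with HS256.

    Adds the registered claims iat (issued at) and exp (expiry) so that the
    application server can reject stale tokens.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    # Compact JSON (no spaces) keeps the token short; dict key order is kept.
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    # HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> dict:
    """Application-server side: return the claims of a valid token.

    Raises ValueError for anything that is not a well-formed, correctly
    signed, unexpired HS256 token.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # binascii.Error and JSONDecodeError are ValueErrors
        raise ValueError("malformed token") from exc
    # The verifier pins the algorithm it accepts: the token's own header
    # must never be allowed to pick a different (or absent) one.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so the signature check leaks no timing information.
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature does not verify")
    try:
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise ValueError("malformed payload") from exc
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("token expired or has no exp claim")
    return payload


if __name__ == "__main__":
    token = create_jwt({"user_id": "4"}, SECRET, ttl_seconds=60)
    print(token)                         # header.payload.signature
    print(verify_jwt(token, SECRET))     # {'user_id': '4', 'iat': ..., 'exp': ...}
```

Two design points the slides leave implicit: the application server decides which algorithm it will accept and checks it before looking at the signature, rather than trusting the alg field in a token it has not yet verified; and the signature comparison uses hmac.compare_digest so that a wrong signature fails in the same time as a nearly-right one. Anything that fails is rejected with a single ValueError so the caller returns one generic 401 rather than revealing which check failed.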
Conclusion
Having a reliable way to authenticate users is the first thing on the list, and JWT authentication serves as the best authentication method for it.
