JSON Web Tokens
JWT
JWT?
JSON Web Tokens are an open, industry standard RFC 7519 method for
representing claims securely between two parties.
The claims in a JWT are encoded as a JSON object that is used as the payload of
a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web
Encryption (JWE) structure, enabling the claims to be digitally signed or integrity
protected with a Message Authentication Code (MAC) and/or encrypted.
Browser Server Sequence Now
Technology has changed!
Why JWT?
Cookies don’t work well with CORS
Cookies require stateful servers
APIs should be stateless
JWT is much more scalable
A CDN serves all the assets of your app; the server side is just the API.
A Better Approach
JWT doesn’t use sessions, has no
problems with mobile, doesn’t need
CSRF protection, and works very well
with CORS too. If you don’t have a valid
token you can't do anything.
JWT handles auth across devices and
services without managing sessions
on the server.
JWT Sequence
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.
TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
What is a JWT?
<base64-encoded header>.
<base64-encoded claims>.
<base64-encoded signature>
FYI
You should not send any secret
information using JWT, rather send
information that is not secret but
needs to be verified.
For instance, sending a signed user
id to indicate the user that should
be logged in would work great!
Sending a user's password would
be super bad.
Payload is not encrypted!
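As an added example (not from the original slides), this Python sketch decodes the slide's sample token without any key, then signs and verifies an HS256 token and shows that an edited payload fails verification. `DEMO_KEY` and all function names are assumptions made for illustration; the segments are base64url without padding.

```python
import base64, hashlib, hmac, json

# Sample token from the slide above; it can be read without any key.
SLIDE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
)
DEMO_KEY = b"constructed-demo-key-not-for-production"  # assumption: made-up key

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_unverified(token):
    """Read header and claims without a key: says nothing about authenticity."""
    header_b64, claims_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(claims_b64))

def sign_hs256(claims, key):
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(mac)}"

def verify_hs256(token, key):
    """Return the claims only if the MAC matches; raise ValueError otherwise."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    # Pin the algorithm on the server side; never let the token choose it.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{claims_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(claims_b64))

def tamper_claims(token, new_claims):
    """Swap the claims segment but keep the old signature (an edit in transit)."""
    header_b64, _old, sig_b64 = token.split(".")
    return ".".join([header_b64, b64url_encode(json.dumps(new_claims).encode()), sig_b64])
```

The server should act only on claims returned by `verify_hs256`; `decode_unverified` is for inspection and shows why secrets do not belong in the payload.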
DEMO!
Basic Demo
Links
http://www.rfc-editor.org/rfc/rfc7519.txt
http://jwt.io/
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
