Skip to main content

JWT - Json Web Token


How to make sure that the document is written by me and only me.  In a physical world, we usually signed under the document with our unique handwriting. Now the second party should identify that it is my signature. Still, chances are there, people will manipulate the content. To avoid the same we used to sign granular pieces of the information i.e. each page.  It is not easy to replace content in a single page. Not yet.  So this makes sure information is authenticated by me and can be quoted for me. 
    
Now, how do we do the same practice in the virtual world? We use JWT (JSON WEB TOKEN).  A JSON web token is simply JSON payload containing a particular claim. It has three parts all separated by ".". 

  • Header 
  • Payload 
  • Signature 
Header:

The header typically consists of two parts: the type of token, which is JWT, and the hashing algorithm that is used, such as HMAC SHA256 or RSA. Its base64 encoded string. 


{
  "alg": "HS256",
  "typ": "JWT"
}


Payload:

Its has the claim of the user. Its also base64 encoded string. 


{
  "expireAt": "1234567890",
  "name": "John Doe",
  "role": "admin"
}


Signature:

Signature of the above information will be created by the below method:

HMACSHA256( base64UrlEncode(header)+ "." +
                            base64UrlEncode(payload), secret_key);
 



Below is HMAC SHA 256 token:
Red is Header 
Blue is payload 
The last one is the signature.


eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYWRtaW4iLCJuYW1lIjoiSm9obiBEb2UiLCJleHBpcmVBdCI6MTUxNjIzOTAyMn0.f6wsQSs6Z7zk94B7Y6RskvUb1RLBkenl3oAzzwRneNk

Reference: Validate your JWT token here. https://jwt.io/

Comments

Post a Comment

Popular posts from this blog

Car Parking Problem

There is n parking slots and n-1 car already parked. Lets say car parked with initial arrangement and we want to make the car to be parked to some other arrangement. Lets say n = 5, inital = free, 3, 4, 1, 2 desired = 1, free, 2, 4 ,3 Give an algorithm with minimum steps needed to get desired arrangement. Told by one of my friend and after a lot of search i really got a nice solution. I will post solution in comment part
3 comments
Read more

JAVA CLASSLOADER- Types, usages.

JVM loads library and classes dynamically only. Its on demand only. A Class will be loaded only when needed and only once. There can be system supported class loader and user supplied class loader. When JVM starts it loads three type of class loader 1. Bootstrap loader - When system boots. Loads from jre_home/lib/ 2. External class loader - Loads from jre_home/lib/ext. 3. System Class loader - Loads classes from system property CLASSPATH. Besides this user can provide their own class loader which is pretty easy to implement in Java. User supplied loader will work in conjunction with other loader i.e. system loader too. Some of the examples are: 1. Load library at runtime from http resources. Example scripting classes, bean classes. 2. Can load encrypted class files with new class loader. 3. Modify the byte code. Application Container loads classes from deployed WAR or EAR files using a tree of class loaders.
Post a Comment
Read more

Permutations Sum(xi)

You have given "k" dice. How many way you can get a sum "S" and yes you have to throw all the dice. Write program for this. Its same permutations program...but we have to try with all the six S(1,2,3,4,5,6) possibilities for a dice. Exit condition will be If all the dice run out. SumP(dice,sum) = SumP(dice-1,sum-i)+i (from S).
1 comment
Read more