Created
May 12, 2017 20:31
-
-
Save jahe/0b6d8aad548f4ceaa34beae7809e1bfd to your computer and use it in GitHub Desktop.
JWT Notes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| JSON Web Token | |
| Client - Sends requests to the Server | |
| Server - Doesn't trust a Clients request unless it is authenticated | |
| On Login with Username + Password the Server creates a JWT which is | |
| returned to the Client. | |
| The Client has to store the Token and send it along with any upcoming | |
| request. | |
| The Server can now verify the Token: | |
| - Who is it from? | |
| - Has it been manipulated? | |
| If the verification is successful the Server sends the response to the Client. | |
| The Server doesn't have to store some kind of session data so that | |
| it stays stateless. | |
| A JWT Token consists of: | |
| 1. Header - JSON object consisting of a type (Here it is "JWT") and the algorithm used by the sender to encrypt the JWT | |
| 2. Payload - JSON object consisting of user-defiend attributes (called public claims) and attributes defined by the standard (called reserved claimes) | |
| 3. Signature - The encoded Header + Payload signed with a secret. The secret is kept on the sender and the receiver: These two are able to decrypt it but no one else | |
| A finished Token looks like <encoded-header>.<encoded-payload>.<signature> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment