JSON Web Token
(JWT)
Prashant Walke
Overview
What is JSON Web Token?
JSON Web Tokens Uses
● Authorization
● Information Exchange
How do JSON Web Tokens work?
What is JSON Web Token?
● JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
● This information can be verified and trusted because it is digitally signed.
● JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
JSON Web Tokens Uses
Authorization
● Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token.
Information Exchange
● JSON Web Tokens are a good way of securely transmitting information between parties.
Why should we use JSON Web Tokens?
● Security - Securely transmitting information between parties using public/private key pairs.
● Ease - Ease of client-side processing of the JSON Web Token on multiple platforms, especially mobile.
● Compact - Because of its size, it can be sent through a URL, a POST parameter, or inside an HTTP header. Additionally, due to its size, its transmission is fast.
● Self-Contained - The payload contains all the required information about the user, to avoid querying the database more than once.
How do JSON Web Tokens work?
JWT format
header.payload.signature
● Header - consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
For example:
{
  "alg": "HS256",
  "typ": "JWT"
}
JWT format
header.payload.signature
● Payload - Contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.
For example:
{
  "user_id": "4"
}
JWT format
header.payload.signature
● Signature - To create the signature part you have to take the encoded header, the encoded payload, a secret, and the algorithm specified in the header, and sign that.
For example (HMAC SHA256 algorithm):
HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  secret)
JWT format
[Diagram: authentication flow between the User, the Authentication Server and the Application Server]
1. User signs in to the Authentication Server (username/password).
2. User is authenticated; a JWT ({header.payload.signature}) is created and returned to the user.
3. User passes the JWT to the Application Server when making API calls.
4. Application verifies the JWT and processes the API call.
JWT to verify the authenticity of a user
● The user first signs into the authentication server using the authentication server's login system (e.g. username and password, Facebook login, Google login, Twitter, etc.).
● The authentication server then creates the JWT and sends it to the user.
● When the user makes API calls to the application, the user passes the JWT along with the API call.
● In this setup, the application server is configured to verify that incoming JWTs were created by the authentication server.
● When the user makes API calls with the attached JWT, the application can use the JWT to verify that the API call is coming from an authenticated user.
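The signing construction from the "JWT format" slides and the verification step the application server performs in the flow above, as an added example that is not part of the original presentation. It uses only the Python standard library; the secret and the claims are constructed for the demo, and the verifier pins the algorithm to HS256 rather than trusting the token's own header.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url_encode(data: bytes) -> str:
    # JWS uses base64url without '=' padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore padding before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_jwt(payload: dict, secret: bytes) -> str:
    # header.payload.signature, signed as HMACSHA256(base64url(header) + "." + base64url(payload), secret)
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    # Returns the claims when the signature checks out, otherwise None.
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        presented_sig = b64url_decode(sig_b64)
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    except (ValueError, UnicodeError):
        return None
    # The header arrives unauthenticated, so the verifier decides the algorithm, not the token.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected_sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so a forged signature cannot be guessed byte by byte
    if not hmac.compare_digest(expected_sig, presented_sig):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed for the example
    token = create_jwt({"user_id": "4"}, demo_secret)
    print(token)
    print(verify_jwt(token, demo_secret))
```

The payload is only base64url-encoded, so anyone holding the token can read its claims; the signature protects integrity, not confidentiality.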
Conclusion
Having a reliable way to authenticate users is the first thing on the list, and JWT authentication is one of the best authentication methods.