JWT Overview: -
If you know what are JSON Web Tokens, you might wonder how they actually work.🤔️
JSON Web Token is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims.
☺️ In simple English- Token-based authentication is a protocol that allows users to confirm their identity and obtain a unique access token in return. Users do not need to re-enter their credentials when they go back to the same web page, app, or any resource protected with that same Token's life
It might be hard for beginners to understand at first glance.
For now just understand, JSON Web Tokens are used while User authentication.
How It Works?
Lets divide the whole process in 4 steps👇️
👉️ INITIAL REQUEST: - A user tries to access a restricted resource. The user must initially verify their identity without the use of a token, for as by using a username or password.
👉️ VERIFICATION: - If the user's credentials are valid, the authentication server verifies their rights on the requested system.
👉️ TOKEN: - After verification, the server delivers a TOKEN to the user that contains a REFERENCE to their identity.
👉️ STORAGE: - The token is kept by the users either in the browser or on their mobile devices. They can now authenticate in the future without having to use their credentials.
Why use JWT?🤷️
🤞️ Advantages of using JWTs include the following:
👉️ They are lightweight and easy to use by client applications: for example, mobile applications.
👉️ They are self-contained, which means that the Liberty JVM server can consume the token directly and use a claim from the token as the identity for running the request.
👉️ They can be symmetrically signed by a shared secret by using the HMAC algorithm, or asymmetrically by using a private key.
👉️ They have a built-in expiry mechanism.
👉️ They can be extended to contain custom claims.
Anatomy of JWT: -
A JWT consists of three parts: a header, payload, and signature. The header typically consists of two parts: the type of the token, which is JWT, and the algorithm that is used, such as HMAC SHA256 or RSA SHA256. It is Base64Url encoded to form the first part of the JWT.
JWT Authentication Flow.
- The user logs in using their credentials.
- When the user is authenticated, a JWT is returned.
- When the user wants to access a protected resource, the client application sends the JWT, typically in the HTTP Authorization header.
- The JWT is then used by the application server, such as CICS, to identify the user and allow access to the resource.
Conclusion: -
Its easy to understand particular concept if they are taught better.
Comment your thoughts.
Subscribe for more upcoming tech blogs..
Top comments (0)