
Saturday, April 27, 2024

JSON WEB TOKEN STRUCTURE

 A JSON Web Token is made up of three parts separated by dots (.):

aaaaaaaa.bbbbbbbb.cccccccc

- Header: (a)

- Payload: (b)

- Signature: (c)


1) JWT HEADER

- A JWT header usually consists of two parts:

  "alg": the algorithm used for signing

  "typ": the type of token

{

    "alg": "HS256",

    "typ": "JWT"

}

- The JWT header is then Base64Url-encoded to create the first part of the JWT (a).


2) JWT PAYLOAD

- The JWT payload carries the data. That data is expressed as claims, and there are three types of claims:

  Registered

  Public

  Private

{

   "sub": "1334567890",

   "name": "gildong hong",

   "last_name": "gildong",

   "first_name": "hong",

   "email": "abc@zyx.com",

   "admin": true

}


- The JWT payload is then Base64Url-encoded to create the second part of the JWT (b).


3) JWT SIGNATURE

- The JWT signature is created by applying the algorithm named in the header to the encoded header and the encoded payload, joined by a dot, together with a secret.

HMACSHA256(

    base64UrlEncode(header) + "." +

    base64UrlEncode(payload),

    secret)


- The secret can be anything, but it is stored on the server, somewhere the client cannot access.


- The signature is the third and final part of a JWT (c).
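
The three steps above put together, as an added example (not code from the original post): it builds an HS256 token with the standard library, verifies it, and shows that replacing part (b) without the secret fails verification. The helper names, `SECRET`, and the sample payload are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(data: bytes) -> str:
    # JWT uses URL-safe Base64 with the trailing "=" padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def sign(signing_input: str, secret: bytes) -> str:
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256)
    return b64url_encode(mac.digest())

def make_token(header: dict, payload: dict, secret: bytes) -> str:
    signing_input = encode_part(header) + "." + encode_part(payload)
    return signing_input + "." + sign(signing_input, secret)

def verify_token(token: str, secret: bytes):
    """Return the payload dict if the signature checks out, otherwise None."""
    try:
        a, b, c = token.split(".")
        # Pin the algorithm server-side; never let the token choose it.
        if json.loads(b64url_decode(a)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed and presented signatures.
        if not hmac.compare_digest(sign(a + "." + b, secret), c):
            return None
        return json.loads(b64url_decode(b))
    except (ValueError, AttributeError, TypeError):
        return None

def replace_payload(token: str, payload: dict) -> str:
    """Swap part (b) but keep the old signature, as a client without the secret could."""
    a, _, c = token.split(".")
    return ".".join([a, encode_part(payload), c])

SECRET = b"constructed-demo-secret"  # constructed sample value, not a real key
PAYLOAD = {"sub": "1334567890", "name": "gildong hong", "admin": False}
TOKEN = make_token({"alg": "HS256", "typ": "JWT"}, PAYLOAD, SECRET)
FORGED = replace_payload(TOKEN, dict(PAYLOAD, admin=True))
```

Parts (a) and (b) are only encoded, not encrypted, so anyone holding the token can read the claims; the signature protects integrity, not confidentiality.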







JSON WEB TOKEN(JWT) OVERVIEW

 JWT is one of the most popular bearer tokens in authorization protocols within APIs.


1. What is a JSON WEB TOKEN?

- JSON Web Token is a self-contained way to securely transmit data and information between two parties using a JSON object.

- JSON Web Tokens can be trusted because each JWT can be digitally signed, which in turn allows the server to know if the JWT has been changed at all.

- JWT should be used when dealing with authorization.

- JWT is a great way for information to be exchanged between the server and client.