A JSON Web Token (JWT) is made up of three parts separated by dots (.):
aaaaaaaa.bbbbbbbb.cccccccc
- Header: (a)
- Payload: (b)
- Signature: (c)
1) JWT HEADER
- A JWT header usually consists of two fields:
"alg" The algorithm used to sign the token (here HS256, which means HMAC with SHA-256)
"typ" The type of token, which is "JWT"
{
"alg": "HS256",
"typ": "JWT"
}
- The JWT header is then encoded using base64url (Base64 with "-" and "_" in place of "+" and "/", and no "=" padding) to create the first part of the JWT (a)
2) JWT PAYLOAD
- A JWT payload carries the data. The data consists of claims, and there are three types of claims:
Registered: claim names defined by the JWT specification, such as "iss" (issuer), "sub" (subject) and "exp" (expiration time)
Public: claim names that are registered or collision-resistant so they can be shared between parties
Private: claim names agreed on between the issuer and the consumer, such as "admin" below
{
"sub": "1334567890",
"name": "gildong hong",
"last_name": "gildong",
"first_name": "hong",
"email": "abc@zyx.com",
"admin": true
}
- The JWT payload is then encoded using base64url to create the second part of the JWT (b)
- Note that the payload is only encoded, not encrypted: anyone who holds the token can decode and read it, so it must never contain secrets. A claim such as "admin": true can be trusted only after the signature has been verified, because without the secret an attacker can still rewrite the payload, just not produce a valid signature for it.
3) JWT SIGNATURE
- A JWT signature is created by running the algorithm named in the header over the encoded header and the encoded payload, joined by a dot, using a secret key. For HS256 that is:
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
secret)
- The secret is stored on the server and is never given to the client. For HS256 it should be a random key of at least 256 bits (32 bytes); a short or guessable secret can be brute-forced offline from a single captured token, after which the attacker can sign arbitrary payloads.
- The server must decide which algorithm it accepts and must not let the token's own "alg" header choose it; otherwise a token with "alg": "none" or with a different algorithm may be accepted with a bogus signature.
- The signature is the third and final part of a JWT (c)
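The three steps above, carried through in code as an added example (this is not code from the original post): the header and payload are compact JSON encoded with base64url, the signature is HMAC-SHA256 over "a.b", and verification pins the algorithm to HS256 and compares the signature in constant time. The SECRET value and the function names are assumptions made for the example; the tamper_payload function shows what an attacker who does not know the secret can still do to the payload, and why the signature check rejects it.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Hypothetical secret for this example only. A real HS256 key should be
# at least 32 random bytes, e.g. secrets.token_bytes(32), stored server-side.
SECRET = b"example-secret-key-for-the-blog-demo"


def b64url_encode(data: bytes) -> str:
    # JWT uses base64url without the trailing "=" padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Re-add the padding that was stripped on encoding before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_jwt(payload: dict, secret: bytes) -> str:
    """Build a.b.c: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    a = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    b = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{a}.{b}".encode("ascii")
    c = b64url_encode(hmac.new(secret, signing_input, hashlib.sha256).digest())
    return f"{a}.{b}.{c}"


def decode_payload(token: str) -> dict:
    """Read the payload WITHOUT verifying it: anyone holding the token can do this."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload only if the HS256 signature is valid, otherwise None."""
    try:
        a, b, c = token.split(".")
        header = json.loads(b64url_decode(a))
        # Pin the algorithm: the token's own header must not pick it, which
        # rules out "alg": "none" and algorithm-confusion tokens.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{a}.{b}".encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison so mismatches cannot be timed byte by byte.
        if not hmac.compare_digest(expected, b64url_decode(c)):
            return None
        return json.loads(b64url_decode(b))
    except ValueError:
        # Malformed base64url, JSON or segment count: treat as invalid.
        return None


def tamper_payload(token: str, changes: dict) -> str:
    """Rewrite payload claims without the secret; the old signature is reused."""
    a, b, c = token.split(".")
    payload = decode_payload(token)
    payload.update(changes)
    b2 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{a}.{b2}.{c}"


if __name__ == "__main__":
    token = create_jwt({"sub": "1334567890", "admin": False}, SECRET)
    print("token:", token)
    print("verified payload:", verify_jwt(token, SECRET))
    forged = tamper_payload(token, {"admin": True})
    print("forged payload reads as:", decode_payload(forged))
    print("forged token verifies as:", verify_jwt(forged, SECRET))
```

Running it prints the token, the verified payload, the forged payload (readable, with "admin" flipped to true) and None for the forged token, since the signature no longer matches the edited second segment.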