JWT (JSON Web Token)
Comprehensive Guide to JWT (JSON Web Tokens) Usage
A JWT (JSON Web Token) contains metadata that can be extracted and interpreted by any bearer that has the token. JWT usually contains real information, so it can be of variable size depending on the claims contained within it and the algorithm used to sign it.
JWT Structure:
A JWT typically consists of three parts:
- Header: Contains metadata about the type of token and the cryptographic algorithms used.
- Payload: Contains the claims. These claims can be standard claims (like issuer, subject, expiration time) and custom claims.
- Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
Validation Process:
Any holder of the JWT can inspect it, validate it and then optionally make authorization decisions based on the claims presented in it. At a very high level, validating the JWT involves the following steps:
- Decode the Base64Url encoding.
- Verify the JWT's structure.
- Verify the key is correct.
- Verify the signature.
- Verify the expiry of the JWT.
- Ensure required claims are present and valid.
Example of a JWT:
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImM2YWY3ZDhmYzJmMjQ4OGE5MTY1NDJjMzI1N2ZkOWQ1Iiwiamt1IjoiaHR0cHM6Ly9pZC51YXQuZXUubmV4dHJlYXNvbi5jb20vLndlbGwta25vd24vandrcyJ9.eyJpc3MiOiJodHRwczovL2lkLnVhdC5ldS5uZXh0cmVhc29uLmNvbSIsInN1YiI6ImRmOWE5NGM4LWIzZDItNDdiYS04YTNkLTVlZDgzYmM5MDI4MCIsImNsaWVudF9pZCI6ImN3bXdnOWc4eGF5NzJydXM4N2E2OGh4dDg2eDQ5dDN3IiwiYXVkIjpbImN3bXdnOWc4eGF5NzJydXM4N2E2OGh4dDg2eDQ5dDN3Il0sImlhdCI6MTY1NDYzODMzOSwibmJmIjoxNjU0NjM4MzM5LCJleHAiOjE2NTQ2MzgzNjksImp0aSI6Ii1QTW5jckRYWGQ3bjhnNkthOFJNRkVpeS1FTFhmcG5yS2dGUllQRmhXNEkiLCJzY29wZSI6InByb2ZpbGUgb3BlbmlkIHBob25lIGVtYWlsIGFrYW1haTptYXJrZXQgbmk6c29jaWFsX3Byb2ZpbGUgYWRkcmVzcyJ9.KKRURcDnSh53IqrJvPgG-ET6KNJ4v6gdtWndBHEJ0iUtbm3Op29wvTWseT6movX7DsMj155HjxMqagHeerYlmo9T6RMKdRev5--pEUIYx4GGP7DMkFn3XdToxTPCvXaFtW4afy7jJVBi-B7oPPFihC9Zy5quwKEsa6I41khhuZ-pehvW6fUbcac9E0f3Cv8Sz2YalhS1TKH1iAc1IkYLyVdzUUVvmpOhGj_wm-pb9TEZ2MLe6mqWmZ2Sqhrw5c_X9tqs8zmnsM2Fqy_onh7hMmg2rxIjQsFiaA6xK8o_w3cynzLIr33KCdZKUGULzOVQMFDJuevinJkI9MYSh7krIw"
Updated about 1 year ago