11 Authentication JSON Web Token

JSON Web Tokens

JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

When should you use JSON Web Tokens?

Authorization
Information Exchange

JSON Web Token Structure

Consist of three parts separated by dots (.), which are:

Header
Payload
Signature

Header

Typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.

Payload

Contains the claims. Claims are statements about an entity and additional data. There are three types of claims: registered, public, and private claims.

Registered Claims:
Public Claims:
Private Claims:

Signature

To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

Password Complexity

Password must meet at least 3 out of the following 4 complexity rules
- at least 1 uppercase character
- at least 1 lowercase character
- at least 1 digit
- at least 1 special character (punctuation) - spaces count
At least 10 characters
At most 128 characters
not more than 2 identical characters in a row

11 Authentication JSON Web Token

JSON Web Tokens

When should you use JSON Web Tokens?

JSON Web Token Structure

Header

Payload

Signature

Password Complexity

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally