JSON Web Tokens (JWT)

-
JSON Web Token (JWT) is a popular standard for Authorization and Information Exchange between parties. For Authorization the Token is used to access services routes and resources following a successful login. Whereas for Information Exchange the token can be used to ensure that the senders are who the claim they are and that the information has not been tempered with.

The following example illustrates how JWT is used for Authorization.
The above example illustrates how a user first call a Authentication server to prove that he has a user account. Once the server has verified that the user exists the JWT is created with the rights of the user. The JWT is then returned to the user application where it is added to a API call to a content server which based on the rights in the JWT returns the requested content.

A JWT consists of three elements.

  • Header
  • Payload
  • Signature

Header
The header is being used as the informative part of the token, hence it often only contains two elements which states what kind of Token you're dealing with and the signing algorithm that is being used in the Token.

Payload
The second part of the token is where the content is stored, such as access rights or user information. It is however important to be aware that even though the token is protected against data tempering the data within is readable by anyone. You should therefore never as a developer of a system using JWT include sensitive data such as passwords or banking information in such token unless it is encrypted.

Signature
The last part of the token is the signature which is the part used to secure that the token and the data of the header or payload has not been tempered with. A signature is created using the algorithm specified in the header which receives a base 64 encoding of the header+payload as input along with a secret(word).


Getting started using JWT following the link below:
https://jwt.io/




Kommentarer

Send en kommentar

Populære opslag fra denne blog

Neuralink - The merging of Brain and Machine

-
Billede
It has been showcased in numerous movies, how people in sci-fi universes is capable of uploading their brain to a computer or a network either to escape death or as way to achieve super human intelligence. However, as of now such ideas has been kept within fiction and not something that anyone thought could be possible in the near future, this however might just have changed after Elon Musk and the Neuralink company revealed their current research at a press conference which took place Tuesday 16th of July 2019. So in this blog post we will look further into exactly what Neuralink is doing and how they are doing it, along with some advise of how you can get into this exiting area yourself. Should you be interested in the full Neuralink event it can be seen at Neuralinks own YouTube channel below: What is Neuralink? The company were founded in 2016 by Elon Musk and 8 others and has since its founding raised more than 150 million dollars in funding to support its vision and f...
Læs mere

Uber Technology Stack

-
Billede
The Content of this blog post is based on:  https://eng.uber.com/tech-stack-part-one/ Almost everyone in the western world is familiar with the app called Uber. Uber is without doubt the most popular service of reliable transportation. By focusing entirely on mobile platforms they are a so called next generation company, which takes advantages of how a simple application build up around a strong inovative idea can make an impact on millions of people around the world. However a good idea and a great UI can't stand alone, especially not when dealing with such a large user base. In this blog post we will try break down the technology stack used in Uber. As Ubers user base has grown with such a rapid speed, they now face similar global scaling problems as some of the most successful software companies. The infrastructure and storage of Uber has therefore changed since their first launch and will most likely conteniue to do so as new solutions is found to optimize todays stand...
Læs mere

Python Password Hashing (Bcrypt)

-
Billede
A hash is designed to act as ”one-way-function” making it easy to perform but very hard to reverse. The reason why this is so beneficial when it comes to password managing and login handling, is because it allows the developers to convert the original password into a unique phrase that can be stored in the database. By using a hash function the application don’t have to match the original password in clear text with the password given upon login as it does not know what that password is. Instead it only need to know what hashing function where used and then see if the password entered generates the same hash value as the one saved in the database. This little trick provides the same login functionality as when all passwords were in clear text but the difference here is that now it’s only the user who knows exactly what the password is. Is Hashing flawless? However this technique is not flawless, as nothing is really secure when it comes to Information Security. Since the has...
Læs mere