JWT – JSON Web Token – Introduction


As we know, HTTP is a stateless protocol where each request is treated as an independent request. For rendering static web page, this could still be fine, but what if the web application needs to track a user across multiple requests.That is where Session and state management came to the picture. The server will authenticate the user and if it’s a valid request, the server will save the session id and return the same to the client. The client can pass this session-id for any subsequent request. The server will check for the session id and will process the request for the client.

With server-side session management, scalability can be a challenge, say we have a load-balanced scenario, the user sends a session id in the request which goes to a different server which knows nothing about the session causing failure. Now we can always save the session id in the database which will bring its overhead.

This is where JWT – JSON Web Token comes to rescue that comply with the stateless nature of the HTTP.

JSON is an open standard RFC 7519, that defines a compact and self-contained method for securely transferring information between parties.

The format of JSON Web Token

header.payload.signature

payload is the part of transmitted data that is the actual intended message in computing.

The header will typically contain

  • typ – the type of media, JWT in this case.
  • alg – the algorithm used for signing and/or decryption the JWT

The payload contains information about the client or set of claims. There are seven registered (public) claims and we can define private (custom) claims also.

iss issuer The party that issued the JWT
sub subject The party that this JWT carries information
aud audience Intended recipient
exp expiration Exact moment from which the JWT is considered invalid in ‘seconds since Epoch’ format
nbf from not before Exact moment from which the JWT is considered valid.
Iat Issued at time Time when the JWT was issued
jti JWT ID Unique identifier for this JWT

The third part signature is computed as follows:

Header and Payload are encoded using Base64url encoding and are concatenated with a period separator.

This is then run through the algorithm specified in the header.

HS256(secret, base64URLEncoding(header) + “.” + base64URLEncoding(payload))

The signature is also encoded using Base64urlEncoding

Finally, the token will be

token= base64urlEncoding(header) + ‘.’ + base64urlEncoding(payload) + ‘.’ + base64urlEncoding(signature)

We can encode or decode JWTs at

https://www.jsonwebtoken.io

Here changing the Payload will change the JWT String.

The flow will look something like below

Get the free comprehensive guide on JWT

https://auth0.com/resources/ebooks/jwt-handbook/

Hope it helps..

Author: Nishant Rana

I love working in and sharing everything about Microsoft.NET technology !

One thought on “JWT – JSON Web Token – Introduction”

Please share your thoughts

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

The CRM Ninja

Thoughts & musings from a Dynamics 365 Ninja!

CRM for You and Me

Customer Relationship Mgt App for the Professional

D CRM Explorer

Learn about Microsoft Dynamics CRM Power Platform customization and implementation and other cool stuffs

Stroke // Jonas Rapp

I know pre-stroke. I will improve who I was.

Power Melange

Power Melange By Shalinee

Clavin's Blog

Power Automate - Power Apps - SharePoint Online - Azure - Nintex - K2 - Artificial Intelligence

Sat Sangha Salon

An Inquiry in Being

The Indoencers

The Influencers & Influences of Indian Music

Monika Halan's blog

Hand's-free money management

D365 Demystified

A closer look at Microsoft Dynamics 365.

Microsoft Mate (msftmate) - Andrew Rogers

Experienced consultant primarily focused on Microsoft Dynamics 365 and the Power Platform

Knowhere365

Specific topics by Django Lohn on the whole Microsoft365 Stack

Manmit Rahevar's Blog

One Stop Destination for Microsoft Technology Solutions

MG

Naturally Curious

Brian Illand

Power Platform and Dynamics 365

Steve Mordue MVP

A Microsoft Business Applications MVP

Subwoofer 101

Bass defines your home theater

SQLTwins by Nakul Vachhrajani

SQL Server tips and experiences dedicated to my twin daughters.

Everything D365

Discovering Azure DevOps and D365 Business Applications

Tech Wizard

Lets do IT Spells

Two Bite Tips

Valuable Tips To Grow Your Business

XRM Tricks (Power Platform & Dynamics CRM )

Power Platform & Dynamics CRM

CRM TIPS BY PRM

Mail to crmtipsbyprm@gmail.com for queries and suggestions

nijos.dev

Giving back to the community what I have learned

xrm CRM Dynamics

Dynamics CRM Technical & Functional Info

Dynamics 365 Blogs - Explained in unique way

Sometimes you need to look at things from different perspective.

CRM Keeper

Dynamics 365 Customer Engagement, CRM, Microsoft CRM, Dynamics CRM

EVOLVED365

Step into the world of a Dynamics 365 Consultant

Dianamics PCF Lady

Diana & Dynamics 365 & Power Platform

Sara Lagerquist

No Code Customization Concepts

innovativeaj

developer, designer, writer, fun loving, patriotic, humble and a sweet person inside out :) love and respect people who have a great sense of humor.

Temmy Wahyu Raharjo

Dreaming to be a clean coder and TDD minded programmer.

Transform 365

We blog about problems we face and code we write to help others

%d bloggers like this: