Lanka Developers Community

    What is this thing called JWT?

    • Shaavi
      Shaavi last edited by

      “JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.”

      When to use JWT?

      • Authorization: This is the most common use of JWT. Every time a user is logged in to the system, a token is generated for that user. This permits the user to have access to use the routes, services, and resources whenever he needs.

      • Information Exchange: JWTs are a great way of securely transmitting data between two parties. As the JWTs can be signed, for example using public/private keys of each user, it is possible to identify whether the senders are who they say they are. As the signature is calculated using the header and the payload, it is possible to verify that the content hasn't been tampered with.

      What is the JWT structure?

      A JWT consists of three parts separated by dots (.), which are:

      • Header
      • Payload
      • Signature

      Therefore, a JWT typically looks like the following.
      header.payload.signature

      Header

      The header consists of the type of token, which is JWT, and the hashing algorithm, such as HS256, HMAC, SHA256 or RSA.

      {
        "alg": "HS256",
        "typ": "JWT"
      }
      

      Then, the above JSON is Base64Url encoded to form the first part of the JWT.

      Payload

      The payload contains claims, which are the information about the entity.

      The JWT specification defines seven claims that can be included in a token. The registered name claims are:

      • iss
      • sub
      • aud
      • exp
      • nbf
      • iat
      • jti

      You can also use private name claims, which are used to convey identity-related info such as name or category. When naming these, it is necessary to avoid name collisions because public and private claims are not registered.

      An example of payload could be:

      {
        "sub": "1234567890",
        "name": "John Doe",
        "admin": true
      }
      

      The payload is then Base64Url encoded to form the second part of the JSON Web Token.

      Signature

      This is made by taking the encoded header, the encoded payload, a secret, and the algorithm specified in the header, and signing that.

      The below signature is created using the HMAC SHA256 algorithm.

      HMACSHA256(
        base64UrlEncode(header) + "." +
        base64UrlEncode(payload),
        secret)
      

      You can use https://jwt.io/ whenever you want to check JWT tokens and see the connection between the header, payload, and the signature.

      • Nubelle
        Nubelle Web Development last edited by

        Thanks bro

        • root
          root Linux Help last edited by

          good article. thnx bro

          • dev_lak
            dev_lak last edited by

            nice explanation

            • lkdev
              lkdev last edited by

              thnx bro. come with another good article good luck

              • Shaavi
                Shaavi @Nubelle last edited by

                @Malith thank you

                • Shaavi
                  Shaavi @root last edited by

                  @root thanks

                  • Shaavi
                    Shaavi @dev_lak last edited by

                    @dev_lak thanks a lot

                    • Shaavi
                      Shaavi @lkdev last edited by

                      @lkdev thank you I will

                      • shehan_s
                        shehan_s last edited by

                        Great explanation! Keep it up dude.

                        • the_inspired_dev
                          the_inspired_dev last edited by

                          Like to see more of this kind of articles in Sinhala 😊

                          • Harsha Sampath
                            Harsha Sampath Web Development last edited by

                            Thanks, machan. It would be great if there were a Sinhala version of these too, because a lot of our guys build apps with no security at all since they don't know these things.

                            • lkdev
                              lkdev @Harsha Sampath last edited by

                              @Harsha-Sampath

                              Yes, a lot of them really have no security at all

                              • Ravindu Yasas
                                Ravindu Yasas FOSS last edited by

                                thanks bro!
