Introduction To JSON Web Token

Introduction

JSON Web Token is an open industry standard RFC7516 method for representing claims between two parties that we will look at in this blog. JSON Web Token is an open standard that allows data to be transmitted between parties as a JSON file that is securely signed and trusted. JWT Token Authentication is widely popular in Website Development. JWT Token Authentication can be signed using a secret (with HMAC Algorithm) or with public or private key pairs using RSA or ECDSA.

JSON Web Token can be encrypted and provide secrecy between the parties. We will focus on signed tokens to verify the claims contained with It. JSON Web Token looks like this

JSON Web Token Example from Real-World Project

In my next article code for this project will be available

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiTXVkYXNzYXIiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9tb2JpbGVwaG9uZSI6IjAzNDc1ODc4MTg5IiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZW1haWxhZGRyZXNzIjoibWtoYW5AdmFwb3J2bS5jb20iLCJqdGkiOiJiZTc4YmY1OC0wZDg3LTRjZWUtYTJmNC0xOGM3ZjVmZmU2NGQiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJBZG1pbiIsImV4cCI6MTY0NTQ0MTI2MX0.17WuapLSXYLiMGErZB1dtmBFKz5xuJvxTWQsSS57GLk",

 But if want to see what is inside this JSON Web Token we first go to jwt.io

https://jwt.io/#debugger-io

Follow the link above and Decode this Token and we will see what is inside this token

Copy your JSON Web Token and go the jwt.io and open the debugger tab

Copy and paste the JWT Token Code into the Encoded Tab. When we paste the code in the encoding tab, our Decoded JWT Token is on the right side, with the Header, Payload, and Verify Signature, as seen in the image below.

Header

The header is the combination of two parts. The first part of the token is the

  • Signing Algorithm HMAC 256, 512
  • Type of the Token

Example

In the Header, you can see that our decoded header from our JSON Web Token

Payload

Payload is the second part of the Token that contains user details and registered claims. Payload is basically the base64 URL Encoded in JWT.

Registered Claims

Set of predefined claims which are not essential but recommended such as

  • JWT Id
  • Valid Audience
  • Validate Audience
  • Expiration time
  • Issue At
  • Validate Lifetime
  • Valid Issuer

Public Claims

Claims constitute the part of the payload of JSON web token that represents the set of information exchanges between two parties.

Private Claims

Custom Claims that are agreed to share the information between the parties.

In the given below picture, you can see that our Payload Data from our JSON Web Token

Signature

To create the signature, you must include the encoded header and encoded payload and your secret.

 Example

What problem JSON Web Token Solves

The main purpose of the JSON Web Token is to transfer claims between two parties. The most important aspect of this standardization effort is in the form of a simple, optionally validated encrypted container format.

When to use the JWT Token

  • When you want to Authorize the user
  • When you want to exchange information between the two parties.

How the JWT Works

In the given below example when we send the user request from the browser to the server with User Credentials

Example

After sending the request from the browser server, validate the credentials and generate the JWT Token for us.

If all endpoints in the application are secured then for getting data from that endpoints we must have the JWT token and send that token with the request and get the data from that URL.

Conclusion

In this blog, we have studied the JWT and understood how the JSON Web Token works when we use JWT Token and what's inside the JWT Token. In my next article we will study and practically implement the JWT Token functionality in the Asp.net Core Web API Project.

Next Recommended Reading Return Data In JSON Format From Web API