In this video, Emmanuel Henri goes through the basics of a JSON Web Token and why you would need to use one.
- [Instructor] JWT, or JSON Web Token, is an open standard that is used to secure the transfer of information between parties. If you want to follow along, go to jwt.io and scroll down to this section here. The JSON object primarily consists of three items: a header, a payload and a signature. The header usually has two parts, the type of token and the hashing algorithm used to encrypt the token. Then the payload consists of the metadata from the requesting party that is required from the server.
Some typical information you'll see in the payload is the issuer of the request, expiration, name, etc. Finally, the signature is what proves the requester is who he says he is and is how the request is probably validated. Services like OAuth use JWT, and this is what we'll implement in our example project. In fact, the JWT documentation was crafted by the OAuth team. So, what is the use of JWT? This is the best way to securely transmit information across parties on the web, so the payload could be used for any type of information you'd like to transmit between two parties and, quite evidently, as we'll implement in our solution, they can be used to authenticate a user. So when the user is registered to a site, the token will be used to validate the user as it makes several requests for data.
So, there you have it. So, now enough theory, let's start implementing all this next.
- The role of the OWASP organization
- Dealing with cross-site scripting (XSS) and cross-site request forgery attacks
- JSON Web Tokens
- Creating and securing API endpoints
- Routing authentication