JWT
JWT, also known as JSON Web Token, is formally understood as a safe way to represent a set of information between two parties. The token is composed of a header, a payload and a signature.
All of this is straightforward for someone from the industry, but what about a layperson? To simplify the concept, picture a huge library that you intend to enter. Everyone can enter the library and browse the books and other content available, but only members with a library card are allowed to borrow a book. How does the librarian identify which user is actually allowed to borrow books? The answer is simple: through the library card. The library card is a fixed and reliable document that serves as the basis for authentication. When we carry this analogy over to JWT, its functionality and usage become easy to understand.
When a new user enters your application, he or she is allowed to enter and explore the various contents and use the publicly available resources, but only a user whose identity has been established is allowed to make changes and access private data. The authentication server is given the job of issuing the JSON web token in the set format, which acts as the library card for the user. When the user makes an API call to the application, the JWT assigned to that user is sent along to the server application, which verifies the user and accordingly accepts or rejects the request. Thus, only users with an authentic library card can ask the librarian to lend them a book.
How do we know that a JWT verifies the authenticity of the user? JWT uses a strict header.payload.signature format, and the encoded data is constructed so that it cannot be tampered with by a malicious user: the signature is generated by hashing the combined header and payload together with a key, so the details cannot be copied or altered without the signature failing to match. In the same way, the library card carries a stamp and signature that cannot be copied in full.
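The header.payload.signature check described above, as an added example that is not part of the original post: a minimal HS256 signer and verifier built on Python's standard library only. The secret, the claims and the helper names are constructed for illustration, and a production service should use a vetted JWT library rather than this code.

```python
import base64
import hashlib
import hmac
import json

# Constructed example: a minimal HS256 JWT signer/verifier on the standard
# library only, to show how the signature binds header.payload to a secret.

def _b64url(data: bytes) -> str:
    """Base64url-encode without padding (RFC 7515 style)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url: restore the stripped padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json_part(obj: dict) -> str:
    """Compact JSON, then base64url, for one token segment."""
    return _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def create_token(claims: dict, secret: bytes) -> str:
    """Issue header.payload.signature; the HMAC covers the first two parts."""
    header = _json_part({"alg": "HS256", "typ": "JWT"})
    signing_input = f"{header}.{_json_part(claims)}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_token(token: str, secret: bytes):
    """Return the claims if the signature checks out, otherwise None.
    The server recomputes the HMAC over exactly the header.payload it was
    handed; editing either part changes the digest, so a tampered token is
    rejected even though anyone can read the (merely encoded) payload."""
    try:
        header, payload, signature = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # refuse "none" or any algorithm this issuer never uses
        expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(signature)):
            return None
        return json.loads(_b64url_decode(payload))
    except ValueError:  # malformed base64, JSON or segment count
        return None

def swap_payload_keep_signature(token: str, new_claims: dict) -> str:
    """Constructed tampering attempt: a new payload under the old signature."""
    header, _, signature = token.split(".")
    return f"{header}.{_json_part(new_claims)}.{signature}"

if __name__ == "__main__":
    key = b"constructed-demo-secret"  # placeholder; real keys come from config
    token = create_token({"sub": "alice", "role": "member"}, key)
    print(verify_token(token, key))
    print(verify_token(swap_payload_keep_signature(token, {"sub": "alice", "role": "admin"}), key))
```

Note that the payload is only base64url-encoded, not encrypted: the signature proves integrity and origin, so anything confidential must not be placed in the claims.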
This also explains a limitation of JWT: since it relies on communication between the server and the user, it is always recommended to make JWT requests over HTTPS rather than HTTP, because HTTP is more susceptible to malicious hackers listening in on your requests and extracting sensitive information.