JSON Web Token in detail: JWT

Source: Internet
Author: User
Understanding JWT

JSON Web Tokens (JWT) are a standard way of representing security claims between the add-on and the Atlassian host product. A JWT token is simply a signed JSON object which contains information which enables the receiver to authenticate the sender of the request.

Structure of a JWT token

A JWT token looks like this:

Eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyjlehaiojezody4otkxmzesimlzcyi6imppcme6mtu0odk1otuilcjxc2gioii4mdyzzmy0y2exztqxzgy3Ymm5mgm4ywi2zdbmnjiwn2q0otfjzjzkywq3yzy2zwe3otdindyxngi3mtkymmu5iiwiawf0ijoxmzg2odk4otuxfq.ukqu9dtb6gkwg6jqcuxyaimndfnrw98hw_iwua5mamo

Once you understand the format, it's actually pretty simple:

<base64url-encoded header>.<base64url-encoded claims>.<base64url-encoded signature>

In other words:

  • You create a header object, with the JSON format. Then you encode it in base64url.
  • You create a claims object, with the JSON format. Then you encode it in base64url.
  • You create a signature for the URI (we'll get to that later). Then you encode it in base64url.
  • You concatenate the three items, with the "." separator.

You shouldn't actually have to do this manually, as there are libraries available in most languages, as we describe in the JWT libraries section. However, it is important that you understand the fields in the JSON header and claims objects described in the next sections:

Header

The header object declares the type of the encoded object and the algorithm used for the cryptographic signature. Atlassian Connect always uses the same values for these. The typ property will be "JWT" and the alg property will be "HS256".

{
  "typ": "JWT",
  "alg": "HS256"
}

| Attribute | Type | Description |
|---|---|---|
| "typ" | String | Type for the token, defaulted to "JWT". Specifies that this is a JWT token. |
| "alg" (mandatory) | String | Algorithm. Specifies the algorithm used to sign the token. In atlassian-connect version 1.0 we support the HMAC SHA-256 algorithm, which the JWT specification identifies using the string "HS256". |

Important: your JWT library or implementation should discard any tokens which specify alg: none, as this can provide a bypass of the token verification.

Claims

The claims object contains security information about the message you're transmitting. The attributes of this object provide information to ensure the authenticity of the claim. The information includes the issuer, when the token was issued, when the token will expire, and other contextual information, described below.

{
  "iss": "jira:1314039",
  "iat": 1300819370,
  "exp": 1300819380,
  "qsh": "8063ff4ca1e41df7bc90c8ab6d0f6207d491cf6dad7c66ea797b4614b71922e9",
  "sub": "Batman"
}
