
What does the JWT structure consist of?

2025-01-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article introduces the structure of a JWT. Many people are unsure what a JWT is made up of, so the editor consulted various materials and put together a simple, easy-to-follow explanation. I hope it helps answer the question "what is the structure of JWT?" Please follow along.

Introduction to JWT

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way of transferring information between parties as JSON objects. This information can be verified because it is digitally signed. A JWT is signed using the HMAC algorithm with a secret, or using an RSA public/private key pair, so its security is very high.

To further explain these characteristics:

Compact: because it is an encoded string, a JWT is very small and can be sent through POST parameters or an HTTP request header. The small size also means that it is fast to transmit.

Self-contained: the JWT contains all the information about the user, so it avoids querying the database on every request and reduces the load on the server.

JWT application scenario

When should JWT be used? It is generally used in the following scenarios:

Authentication: this is the most common scenario for using JWT. Once the user logs in, each subsequent request includes the JWT, allowing the user to access the routes, services, and resources permitted by that token. Single sign-on is a widely used JWT feature because it has little overhead and can easily be used across different domains.

Information exchange: JWT is a good way to securely transfer information between parties because the tokens can be signed, for example with public/private key pairs. In addition, because the signature is calculated over the header and payload, you can verify that the content has not been tampered with.

JWT structure

A JWT consists of three parts separated by dots ("."). The three parts are:

Header (head)

Payload (payload)

Signature (signature)

Therefore, the usual format of JWT is as follows:

xxxxx.yyyyy.zzzzz

Now, we will explain these three components separately:

1. Header

The header usually consists of two parts: the type of token, which is JWT, and the hash algorithm used, such as HMAC SHA256 or RSA.

For example:

{"alg": "HS256", "typ": "JWT"}

The header is Base64Url-encoded to form the first part of the JWT.

2. Payload

This is the second part of the JWT. It contains the claims: statements about the user, such as rights, plus any additional information. There are three types of claims: reserved, public and private.

A typical payload should be as follows:

{"sub": "1234567890", "name": "John Doe", "admin": true}

The payload is Base64Url-encoded to form the second part of the JWT.

3. Signature

To create the signature part, take the Base64Url-encoded header, the Base64Url-encoded payload and the secret key, and sign them with the algorithm named in the header. A typical format is as follows:

HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

How to use JWT

The most common application scenario, authentication, is shown in the figure. Using a user name and password, the client asks the server for information about a user, including additional information such as permissions, which is signed and returned in the form of a JWT. The client that receives the JWT must carry it in every subsequent request. The advantage of this is that there is no need to query the database to obtain the user's information. In distributed systems such as microservices, this makes single sign-on possible.

That concludes this look at the structure of JWT. I hope it has answered your questions. Combining theory with practice is the best way to learn, so go and try it! If you want to learn more about related topics, please keep following the website; the editor will continue to bring you more practical articles.
