Service Security: JWT

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01 Report

JWT is the abbreviation of JSON Web Tokens. As the name suggests, what a JWT Token really contains is JSON objects, and more than one of them: a JWT Token is made up of three parts, two of which are in JSON format. These three parts are the header (Header), the payload data (Payload) and the signature (Signature).

1. Information header (Header)

The header consists of two parts: one gives the type of the Token, which for JWT is the value JWT; the other names the signature algorithm, such as HMAC SHA256 or RSA. For example, a header declaring HMAC SHA256 carries the type "JWT" and the algorithm "HS256".

2. Payload data (Payload)

The payload describes an entity (typically the user) together with additional data. Its claims fall into three kinds: registered claims, public claims and private claims. For more information, please refer to https://tools.ietf.org/html/rfc7519#section-4.2

3. Signature (Signature)

A string computed by the specified algorithm over the header, the payload and a secret key (or private key) as inputs.

These three parts are not transmitted as plain JSON. Before transmission they are encoded, first to keep the transmitted token small and reduce the burden of data transmission, and second for the security of the data. Note that the security comes from the signature rather than the encoding: Base64 is reversible and is not encryption, so anyone holding the token can read the header and payload. The signature is generally produced with HMAC using a shared secret, or with RSA or ECDSA using a public/private key pair. These algorithms provide a digital signature, which guarantees the integrity of the data and prevents it from being tampered with by a third party.

Generally speaking, the header and the payload in JSON format are first transformed by Base64url encoding. The signature is then computed with the chosen algorithm over those two encoded strings, joined by a dot, together with the secret.

Suppose the Base64url-encoded header is represented by h, the Base64url-encoded payload by p, and the signature value by s. The JWT Token is then displayed as a string whose three parts are separated by dots, generally in the following form:

hhhhh.ppppp.sssss

The most common application scenario for JWT is authorization for users. When users log in, they get the JWT Token from the authorization server, and the subsequent user requests only need to bring the Token to request the corresponding resources or services. The server will verify the validity after getting the Token sent by the user.
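The signing steps and the server-side verification described above, as an added HS256 example in Python; this is illustration code, not code from the original article. The shared secret, the claims and the token values are constructed for the demonstration, and it also shows why the server must pin the algorithm and check the signature: a payload altered after signing is rejected.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Shared secret, constructed for this demonstration (an assumption, not from the article).
SECRET = b"example-shared-secret"

def b64url(data: bytes) -> str:
    """Base64url encoding without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    """Inverse of b64url: restore the padding that Base64url strips."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Build h.p.s: encode header and payload, then HMAC-SHA256 over 'h.p'."""
    h = b64url(json.dumps(header, separators=(",", ":")).encode())
    p = b64url(json.dumps(payload, separators=(",", ":")).encode())
    s = b64url(hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest())
    return f"{h}.{p}.{s}"

def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload if the token is well formed and its signature is valid, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the expected algorithm; the token itself must never be allowed to choose it.
    if header.get("typ") != "JWT" or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):  # constant-time comparison
        return None
    return json.loads(b64url_decode(p))

def tamper_check(secret: bytes) -> tuple:
    """Show that a payload edited after signing is rejected. Returns (original_ok, forged_ok)."""
    token = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "admin": False}, secret)
    original_ok = verify_hs256(token, secret) is not None
    h, _, s = token.split(".")
    forged_p = b64url(b'{"sub":"alice","admin":true}')  # claim changed, old signature reused
    forged_ok = verify_hs256(f"{h}.{forged_p}.{s}", secret) is not None
    return original_ok, forged_ok
```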

Another use of JWT is information exchange. Because a JWT Token not only carries data but is also signed, it can hold additional application-related information while the signature guarantees the integrity of that data, so that it cannot be tampered with in transit without detection.

For more detailed information, please refer to the official description: https://jwt.io/introduction/
