OAuth 2.0 | JSON Web Token (JWT) | Structure
This is the 7th article on OAuth, and today it is time to see what a JWT looks like and what parts it is made up of. We already know that JWT is a standard for representing claims securely between two parties. Let's look at the image below.
In the image above, the left side is the token and the right side is the decoded version of the token. We can also see that a JWT has three parts, highlighted in three different colours and separated by dots, with their values visible in the decoded version on the right.
Let's understand the three parts:
1. Header: the metadata of the token. It usually has two parts: typ is the token type, which is JWT, and alg is the signing algorithm used, e.g. HMAC SHA256.
2. Payload: the data, represented in the form of a claim set. We already covered claims, along with the different types of claims, in the last article: https://www.techlearnings.org/single-post/oauth-2-0-json-web-token-jwt-claims
3. Signature: helps validate the token, e.g. whether it was changed along the way, and that the sender is who it says it is. The signature is created by taking the following three inputs and signing with the algorithm specified in the header: first, the encoded header; second, the encoded payload; third, the secret.
This is how the token is formed, and it looks like below:
That's it for today! Short and easy-to-understand stuff. But as mentioned previously, OAuth is a vast concept. This is the 7th article and there is still a lot more to cover. Let's continue to learn step by step. Please stay tuned and stay connected!
Do connect with or follow me on LinkedIn, and subscribe on Website/YouTube/Facebook/Twitter!
Here are the other OAuth articles already published, as a handy reference guide for further learning. Do check them out in case you missed them or want to re-read.
https://www.techlearnings.org/single-post/oauth-2-0-is-it-an-api-or-service-what-is-oauth-actually
https://www.techlearnings.org/single-post/oauth-2-0-access-refresh-tokens
https://www.techlearnings.org/single-post/oauth-2-0-scopes-roles-grant-types
https://www.techlearnings.org/single-post/oauth-2-0-client-id-and-secret
https://www.techlearnings.org/single-post/oauth-2-0-client-authentication
https://www.techlearnings.org/single-post/oauth-2-0-json-web-token-jwt-claims
Happy Tech Learnings!