Demystifying JSON Web Tokens (JWT)

Tejaswini
3 min readJan 17, 2021

Hello everyone. I'm Tejaswini, a final-year undergraduate in ECE at NITW. I like to explore new things, both technical and non-technical, and I am currently diving into the world of web development.

Ever wondered how authentication happens when you log in to a website and see details that are visible only to you? It works because the server authenticates you, and there are several ways to do that. While I was learning how to design the login and signup page for one of my projects, I thought it would be useful to learn what JWT is before using it. So here is my take on it.

There are two common ways to keep a user logged in across requests:

  • Using Session ID
  • Using JWT

Before discussing JWT authentication, let us look at sessions and why they are not always preferred.

When a user logs in, the server creates a session record on its side and sends the session ID to the browser in a cookie. On every later request the browser sends that cookie back, the server looks the ID up in its session store, and responds with that user's data.

Because the session state lives on that one server, a second server that receives the same cookie has no matching record and cannot recognise the user unless the session store is shared between them. This is where JWT comes to the rescue.

JSON Web Token:

When a user logs in, the browser sends the credentials to the server. The server checks them and, using a secret key that only the server holds, signs a token and returns it to the browser. The browser then presents that token on later requests instead of the credentials. Note that the secret key never leaves the server; the browser only ever sees the token.

The token itself is three base64url-encoded parts separated by periods, which the server splits and checks on every request:

  • Header
  • Payload
  • Signature

Let us discuss them in short. The header contains the signing algorithm (for example HS256) and the type of token.

The payload is where we store claims about the user, such as id and name. It also contains registered claims like iat (issued at). The payload is only base64url-encoded, not encrypted, so anyone holding the token can read it; never put secrets in it.

The signature is produced by joining the encoded header and payload with a period and signing that string with the algorithm named in the header (for HS256, an HMAC-SHA256 keyed with the secret). When the server receives a token it recomputes this value over the first two parts and compares it with the third part, the text after the last period. If they differ, the header or payload has been altered and the token is rejected. The server should also pin the algorithm it expects rather than trusting the alg field in the header, since an attacker controls the header just as much as the payload.

(Image taken from jwt.io, which shows this three-part layout.)

The browser typically sends the token in the Authorization header (Bearer <token>), and a middleware in front of each protected endpoint verifies it before fetching the user's data. You can also set an expiry (the exp claim) so that tokens stop being accepted after that interval.

Auth0 maintains JWT libraries for Node.js (jsonwebtoken), Java, Swift and other platforms.
