What is JWT? How does it work?

Chakresh Tiwari
Published in ShoutLoudz
2 min read · Jun 26, 2022

Introduction

In this post, I am going to explain JWT, which is used to secure REST APIs.

What is JWT:

JWT (JSON Web Token) is an open standard, i.e. anybody can use it.

JWT is used to securely transfer information between two parties (such as servers) and for the purpose of authorization. It is digitally signed, so it cannot be altered without invalidating the signature.

JWT is very easy to transfer in HTTP requests: in a GET request we can send it in the URL, and in a POST request we can send it in the Authorization header.

The JWT itself contains the user information, so there is no need to query the DB for it.

Structure of JWT:

It has a total of three parts:

  1. Header: It contains two keys, alg (the signing algorithm) and typ (the type of token, i.e. JWT). It is Base64-encoded to form the first part of the JWT.
  2. Payload: It contains claims, i.e. information such as user details. It is also Base64-encoded to form the second part of the JWT.
  3. Signature: It is the most important part. It is computed over Base64(header) + "." + Base64(payload) using the secret and the algorithm named in the header. If the secret changes, or someone alters the header or payload, the signature will no longer match, so the request will be rejected as unauthorised.

How Does JWT Work:

  1. From the browser we send the login request to the server; the server verifies the credentials, generates a JWT (signed with the server's secret) and sends it back to the browser.
  2. Then on each subsequent request, we pass the JWT in the headers.
  3. If the JWT signature is valid and the user info taken from the JWT data matches our DB info, then the server sends a successful response to the browser.

https://jwt.io/ : We can learn more about JWT here, and experiment by changing the payload and watching the Base64-encoded payload (and the signature) change.

Thanks for reading!!

In the next post I will show you how to use JWT with Spring Boot for securing APIs.

Software Engineer at Cisco(Appdynamics) , Sharing my knowledge and experience related to work. I am here to help learners to prepare for tech interviews.