Why and how it works? Understanding and building a simple JWT library from scratch. (part 1)
This is part 1 of a two-part series of tutorials. You can access Part 2 here.
Topics we’ll address
- What is JWT
- Where is it used
- JWT structure
- The first part — Header
- The second part — Payload
- The third part — Signature
- Unsecured JWT
- JWT vs Sessions
- Conclusion
What is JWT
JSON Web Token (JWT) is a compact, self-contained way of representing claims to be transferred between two parties. The claims are encoded as a JSON object, and the information can be verified and trusted because it is digitally signed.
There are two types of JWTs:
JWS (JSON Web Signature): used to sign the data, making it integrity-protected. This means that:
- A man-in-the-middle can read the data as it is, because the payload is only base64url-encoded, not encrypted
- A man-in-the-middle cannot modify it, since signature verification would then fail
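The two JWS properties above, as an added example that is not code from this tutorial: an HS256 token is assembled by hand, its payload is read back without knowing the key, and a copy with an altered claim is rejected by verification. The key and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-do-not-reuse"  # constructed sample key, not a real secret

def b64url_encode(data: bytes) -> str:
    # JWS uses base64url with the '=' padding removed (RFC 7515, Appendix C)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    # Restore the padding that b64url_encode stripped before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    """Build a compact JWS: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode("utf-8")
    signing_input = b64url_encode(compact(header)) + "." + b64url_encode(compact(payload))
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)

def read_payload_without_key(token: str) -> dict:
    """What a passive observer sees: the payload is only encoded, never encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute the HMAC over header.payload and compare it in constant time."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:  # not three dot-separated parts
        return False
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))

def replace_payload_keep_signature(token: str, new_payload: dict) -> str:
    """Swap the payload but keep the old signature: the only edit possible without the key."""
    header_b64, _, sig_b64 = token.split(".")
    new_b64 = b64url_encode(json.dumps(new_payload, separators=(",", ":")).encode("utf-8"))
    return header_b64 + "." + new_b64 + "." + sig_b64

if __name__ == "__main__":
    token = sign_hs256({"sub": "alice", "role": "user"}, KEY)
    print(token)
    print("readable without key:", read_payload_without_key(token))
    altered = replace_payload_keep_signature(token, {"sub": "alice", "role": "admin"})
    print("original verifies:", verify_hs256(token, KEY), "| altered verifies:", verify_hs256(altered, KEY))
```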