JWT, or JSON Web Token, is used to authenticate the calls an application makes. It is an open-source service and has been adopted by the industry at large scale. It is a kind of key or secret code which we send along with our request. On seeing this secret key, the server is assured that the request is coming from an authentic source. During generation of a token, we first get this object:
This token object contains the algorithm with which it was created, its type, an ID and an expiration date. But when sending it in the response, we convert this object into a single long encoded string whose parts are joined by 2 dots. Please notice the dots.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVmYzNhZjQxOThjNWQ3ZDJhY2JjNGI4YSIsIm5iZiI6MTY2MjU2MDc5MiwiZXhwIjoxNjYyNTYxMDkxLCJpYXQiOjE2NjI1NjA3OTJ9.m0A0SIap0IteqpLG3UGv_tEbhtWSo
This JWT token string contains the following information:
a – Header – It tells the type of token, i.e. JWT, and the algorithm used.
b – Payload – It tells about the user for which it was created and the time until which it will work.
c – Signature – It is computed from a secret key (a string) which we provide, the header and the payload, using the algorithm named in the header. The signature is used to verify the message wasn’t changed along the way.
To learn how to implement JWT authentication in an ASP.NET Core application, please go through our article – Low level: JWT auth implementation in Asp.Net Core C#
To know the kind of security it provides, you can see the image above 🙂
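The three parts described above, as an added Python example (not code from the original article or its GitHub project): it reads the header and payload segments of the token shown earlier without any key, then signs and verifies them with HS256. The secret is a constructed value, since the real key is not on the page, and the function names are assumptions of this example.

```python
import base64, hashlib, hmac, json

# Header and payload segments copied from the token shown above.
HEADER_SEG = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
PAYLOAD_SEG = ("eyJpZCI6IjVmYzNhZjQxOThjNWQ3ZDJhY2JjNGI4YSIsIm5iZiI6MTY2MjU2"
               "MDc5MiwiZXhwIjoxNjYyNTYxMDkxLCJpYXQiOjE2NjI1NjA3OTJ9")
SECRET = b"constructed-demo-secret"  # assumption: the real key is not on the page

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_segment(seg: str) -> dict:
    """Base64URL + JSON only: anyone holding the token can read this, no key needed."""
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def sign(header_seg: str, payload_seg: str, secret: bytes) -> str:
    """HS256: signature = HMAC-SHA256(secret, header_seg + '.' + payload_seg)."""
    signing_input = f"{header_seg}.{payload_seg}".encode("utf-8")
    mac = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_seg}.{payload_seg}.{b64url_encode(mac)}"

def verify(token: str, secret: bytes, now: int) -> dict:
    """Return the claims only if the signature and the time window both check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_seg, payload_seg, sig_seg = parts
    # Pin the algorithm on the server; do not let the token's header choose it.
    if decode_segment(header_seg).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected_sig = sign(header_seg, payload_seg, secret).rsplit(".", 1)[1]
    if not hmac.compare_digest(expected_sig.encode(), sig_seg.encode()):
        raise ValueError("bad signature")  # header or payload was altered, or wrong key
    claims = decode_segment(payload_seg)
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("token not valid at this time")
    return claims

if __name__ == "__main__":
    print(decode_segment(HEADER_SEG), decode_segment(PAYLOAD_SEG))
    token = sign(HEADER_SEG, PAYLOAD_SEG, SECRET)
    print(verify(token, SECRET, now=1662560800))
```

Because the payload is readable by anyone who holds the token, nothing confidential belongs in it; the signature protects integrity only.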
To understand the topic better, we have already put a JWT-based project on our GitHub. Please open this project side by side to follow the flow. It is a React + Redux + ASP.NET Core + JWT + MongoDB based ToDo application.