JWT_Presentation to show how JWT is better than session-based authorization
nathakash343
17 slides
Sep 07, 2024
About This Presentation
JWT
Size: 116.59 KB
Language: en
Added: Sep 07, 2024
Slides: 17 pages
Slide Content
Introduction to JWT: JSON Web Tokens (JWT) are an open, industry-standard method (RFC 7519) for representing claims securely between two parties.
Authorization Strategies 1) Session token 2) JSON web token
HTTP: HTTP is a stateless protocol. This means an HTTP server need not keep track of any state information, so every interaction in HTTP has to contain all the information needed for that interaction; nothing is remembered, and no state is maintained across requests. Authorization state therefore has to be carried either by the server (a session) or by the client (a token).
Session Token: In session-based authentication, the server creates a session for the user after they log in. The session ID is an opaque random value stored in a cookie in the user's browser and sent with every subsequent request. On each request the server looks the session ID up in its server-side session store (in-memory by default, or a database or cache) to recover the user's identity; the ID itself carries no information.
Session Token Problem: Modern web apps run on multiple servers behind a load balancer that decides which server handles each request. If the login request lands on server 1 and the session is stored in server 1's memory, but the next request is routed to server 2, server 2 has no record of that session ID and treats the user as logged out. The usual workarounds are sticky sessions at the load balancer or a shared session store (such as Redis or a database) that every server queries, which adds infrastructure and a lookup on every request. A JWT avoids the lookup entirely, because any server holding the verification key can validate the token on its own.
If you can decode a JWT, how is it secure? JWTs can be signed (JWS), encrypted (JWE), or both. If a token is signed but not encrypted, anyone who holds it can read its contents, since Base64url is an encoding and not encryption, so the payload must never carry secrets. What they cannot do without the signing key (the shared secret for HMAC algorithms such as HS256, or the private key for RSA/ECDSA algorithms such as RS256) is change it: if the header or payload is tampered with, the signature no longer matches and the server rejects the token.
What happens if your JSON Web Token is stolen? It's bad, really bad. JWTs are used to identify the client, so whoever holds a stolen token has the same access to the user's account as the user, for as long as the token is valid. However, JWTs can be configured to expire (the 'exp' claim), so a short lifetime limits how long a stolen token is useful, which makes it somewhat less dangerous than stolen usernames and passwords. Keep access tokens short-lived and renew them with a separately stored refresh token.
When should you use JSON Web Tokens? Authorization: This is the most common scenario. Each request after login includes the JWT, allowing access to the routes, services, and resources permitted by the claims in that token. Information Exchange: JWTs are a secure way of transmitting information between parties. The signature on a signed JWT proves that the token was issued by a holder of the signing key and that its contents have not been altered since.
What does a JWT look like? Three Base64url-encoded parts separated by dots (header . payload . signature): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 . eyJlaWQiOiIzNDc4MzciLCJuYW1lIjoiQWthc2ggTmF0aCJ9 . GfoX38XUi1Eq0YKuUBrh6yGAuin9Z7pLHyUZNYPtKec
JSON Web Token Structure: 1) Header 2) Payload 3) Signature
HEADER: The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC-SHA256 ("HS256") or RSA with SHA-256 ("RS256"). The header above decodes to { "alg": "HS256", "typ": "JWT" }.
Payload: The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data.
Types of Claims: Registered claims: Predefined claims from RFC 7519 such as 'iss' (issuer), 'sub' (subject) and 'exp' (expiration time). Public claims: Defined by those using JWTs; their names should be collision-resistant, either registered in the IANA JSON Web Token Claims registry or namespaced with a URI. Private claims: Custom claims shared between parties that agree on them, like 'eid' and 'name' in the example below.
An example payload could be: { "eid": "347837", "name": "Akash Nath" }
Signature: To create the signature, take the Base64url-encoded header and the Base64url-encoded payload, join them with a dot, and sign that string with the secret (or private key) using the algorithm named in the header. For HS256 that is HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret), and the result is Base64url-encoded to form the third part of the token. A verifier recomputes this value and compares it to the signature it received.