JWT authentication

We need to transfer information between microservices securely. Each request must be digitally signed, so that the receiving application can verify that the request is authentic before it acts on it and responds.

We need a compact way to carry this information in the REST/HTTP world, since it has to be sent with every request. JWT is one option here. JWT (JSON Web Token, RFC 7519) is an open web standard for securely transferring claims between parties (applications). A JWT is signed either with a shared secret using an HMAC algorithm or with a public/private key pair (for example, RSA or ECDSA). Tokens are compact and self-contained:

  • Compact: They are small enough to be sent with every request, typically in the Authorization: Bearer header.
  • Self-contained: The payload carries the details about the user that the service needs, so we do not have to query the database on every request to authenticate the user. Note that the payload is only Base64URL-encoded, not encrypted: anyone holding the token can read it, so it must not contain secrets, and its claims may only be trusted after the signature has been verified.
For advanced use cases, we can add Bouncy Castle (https://en.wikipedia.org/wiki/Bouncy_Castle_(cryptography))-based encryption.

A JWT consists of three parts: the header, the payload, and the signature. Each part is a Base64URL-encoded string, and the three parts are separated by a . (a period):

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlNlbmRpbCBLdW1hciBOIiwiYWRtaW4iOnRydWV9.ILwKeJ128TwDZmLGAeeY7qiROxA3kXiXOG4MxTQVk_I

#Algorithm for JWT generation
HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  secret
)

Here, the header and payload are Base64URL-encoded and joined with a period; the HMAC SHA256 (https://en.wikipedia.org/wiki/HMAC) algorithm, keyed with the secret, is then applied to that string to produce the signature, which becomes the third part of the token. The decoded header of the token above is {"alg":"HS256","typ":"JWT"} and the decoded payload is {"sub":"1234567890","name":"Sendil Kumar N","admin":true}. The verifying service recomputes the HMAC over the first two parts with the same secret and compares the result with the signature it received; if they differ, the token has been tampered with or was signed with a different secret.
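The following is a worked Python example added to this section; it is not code from the book or from any JWT library. It implements the generation algorithm above with only the standard library, plus the verification side that the algorithm implies: recompute the HMAC, compare it in constant time, refuse any alg other than the one the server expects, and (an addition beyond the page) honour an exp claim if present. The secret b"constructed-demo-secret" is an assumption for the demo. The secret used to sign the sample token printed on this page is not given, so the example only decodes that token; it never treats it as verified.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# The sample token printed on this page. Its secret is unknown, so it is only decoded here, never verified.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlNlbmRpbCBLdW1hciBOIiwiYWRtaW4iOnRydWV9."
    "ILwKeJ128TwDZmLGAeeY7qiROxA3kXiXOG4MxTQVk_I"
)


def b64url_encode(data: bytes) -> str:
    """Base64URL without '=' padding, as JWT requires (RFC 7515, Appendix C)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode: restore the padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256(signing_input: bytes, secret: bytes) -> bytes:
    """HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)."""
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def create_jwt(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature exactly as the algorithm on this page describes."""
    header = {"alg": "HS256", "typ": "JWT"}
    # separators=(",", ":") yields the compact JSON that the token above was built from
    parts = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(parts).encode("ascii")
    parts.append(b64url_encode(hs256(signing_input, secret)))
    return ".".join(parts)


def decode_unverified(token: str) -> Tuple[dict, dict]:
    """Read header and payload WITHOUT checking the signature: fine for inspection, never for authorization."""
    header_b64, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def verify_jwt(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Return the payload only if the signature is valid and an 'exp' claim, if present, has not passed."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token: expected three dot-separated parts")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm on the server side. Trusting the token's own 'alg' field
    # (for example, accepting "none") lets an attacker present tokens with no signature at all.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hs256((header_b64 + "." + payload_b64).encode("ascii"), secret)
    # Constant-time comparison, so the check does not leak the correct MAC byte by byte
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("invalid signature")
    payload = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    return payload


def is_valid(token: str, secret: bytes, now: Optional[float] = None) -> bool:
    """Convenience wrapper: True if verify_jwt accepts the token."""
    try:
        verify_jwt(token, secret, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # demo assumption; use at least 32 random bytes in practice
    print(decode_unverified(SAMPLE_TOKEN))
    token = create_jwt({"sub": "1234567890", "name": "Sendil Kumar N", "admin": False, "exp": 2000000000}, secret)
    print(verify_jwt(token, secret))
    # Tampering: re-encode the payload with admin=true but keep the original signature
    h, _, s = token.split(".")
    forged = ".".join([h, b64url_encode(b'{"sub":"1234567890","admin":true}'), s])
    print(is_valid(forged, secret))  # False: the signature no longer matches
    # Downgrade: claim alg "none" and drop the signature entirely
    none_header = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    print(is_valid(".".join([none_header, forged.split(".")[1], ""]), secret))  # False: alg is pinned
```

The two negative cases at the end are the checks worth carrying into any real verifier: a payload edit invalidates the HMAC, and a header that names a different algorithm is rejected before any signature logic runs, regardless of what the token claims.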
