# JSON Web Tokens

## What is a JWT?

- JSON Web Token, or JWT, is a standard for safely passing security information (specifically claims) between applications in a simple format that is optionally signed and/or encrypted.
- The standard is supported by all major web frameworks (Flask, Django, Express, ...).

## What is a Claim?

- A claim is a definition or assertion made about a certain party or object (examples: role, permission, ...).
- Some of these claims and their meaning are defined as part of the JWT spec.
- Standard claims allow frameworks to check expiry and validity automatically.

## Standard Claims

| Claim | Name | Format | Usage |
|---|---|---|---|
| `exp` | Expiration | int | The time after which the token is invalid. |
| `nbf` | Not Before | int | The time before which the token is invalid. |
| `iss` | Issuer | str | The principal that issued the JWT. |
| `aud` | Audience | str or list(str) | The recipient that the JWT is intended for. |
| `iat` | Issued At | int | The time at which the JWT was issued. |

## Why we use JWTs

- They are simple, compact and usable.
- For authentication: to identify the user.
- For authorization: to evaluate the user's permissions.
- For maintaining stateless sessions.

## Dissecting a Token

A JWT is made of the following parts, each base64url-encoded and separated by a dot:

- Header: Holds metadata such as the signing algorithm (`alg`) and token type (`typ`)
- Payload: Holds the claims, such as user-identifying data
- Signature: Holds the signature computed over the header and payload

Here's a demonstration:

```python
from jose import jwt

token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.cThIIoDvwdueQB468K5xDc5633seEFoqwxjF_xSJyQQ"

# Decode the header and payload WITHOUT checking the signature.
# Fine for inspection; never use these values to make an access decision.
header = jwt.get_unverified_header(token)
print(f'HEADER: {header}')

claims = jwt.get_unverified_claims(token)
print(f'PAYLOAD: {claims}')
```

Output:

```
HEADER: {'alg': 'HS256', 'typ': 'JWT'}
PAYLOAD: {'sub': '1234567890', 'name': 'John Doe', 'iat': 1516239022}
```

```python
from jose import jwt

# Claims for the new token: subject, issued-at, expiry and a custom permissions claim.
payload = {'sub': '00690698', 'iat': 1636368108, 'exp': 1636375308, 'permissions': ['get:students']}
secret = "&&12:forever:REPEATED:brother:95&&"

# Sign the header and payload with HMAC-SHA256 using the shared secret.
token = jwt.encode(payload, secret, algorithm='HS256')
print(token)
```

Output:

```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIwMDY5MDY5OCIsImlhdCI6MTYzNjM2ODEwOCwiZXhwIjoxNjM2Mzc1MzA4LCJwZXJtaXNzaW9ucyI6WyJnZXQ6c3R1ZGVudHMiXX0.fYf45h6njtBfWQdBbtjupxLUiDw3r1yqGX2Hoj97r4E
```