JWT Json Web Token
DUONG Phu-Hiep edited this page Oct 4, 2018 · 2 revisions
JWTs must only be used over HTTPS.
https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec
- The authentication server (e.g. Google / Facebook) uses the private key to sign PAYLOAD_CLAIMS
- The application server uses the public key to verify the signature over PAYLOAD_CLAIMS
```
HEADER = base64urlEncode( { "typ": "JWT", "alg": "HS256" }) = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9"
PAYLOAD_CLAIMS = base64urlEncode( { "iss" => "example.org", "aud" => "example.com", "iat" => 1356999524, "nbf" => 1357000000 }) = "eyJ1c2VySWQiOiJiMDhmODZhZi0zNWRhLTQ4ZjItOGZhYi1jZWYzOTA0NjYwYmQifQ"
data = HEADER + "." + PAYLOAD_CLAIMS
hashedData = HS256( data, secret )
SIGNATURE = base64urlEncode( hashedData ) = "-xN_h82PHVTCMA9vdoHrcZxH-x5mb11y1537t3rGzcM"
JWT_TOKEN = HEADER + "." + PAYLOAD_CLAIMS + "." + SIGNATURE
```
```shell
# Generate an RSA key pair for RS256. -m PEM forces the classic PEM format;
# newer ssh-keygen writes the OpenSSH format by default, which openssl rsa cannot read.
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add a passphrase (press Enter twice)
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key      # private key: keep on the authentication server only
cat jwtRS256.key.pub  # public key: distribute to the application servers
```
https://identityserver4.readthedocs.io/en/release/intro/big_picture.html