# JWT foundations


## What is a JWT?

> JSON Web Token (JWT) is a compact, URL-safe means of representing
  claims to be transferred between two parties.  The claims in a JWT
  are encoded as a JSON object that is used as the payload of a JSON
  Web Signature (JWS) structure or as the plaintext of a JSON Web
  Encryption (JWE) structure, enabling the claims to be digitally
  signed or integrity protected with a Message Authentication Code
  (MAC) and/or encrypted.
 ~ *IETF RFC 7519*
 
JSON Web Tokens (JWTs) make it easy to send **read-only signed** "claims" between services (both internal and external to your app/site). Claims are any bits of data that you want someone else to be able to *read* and/or *verify* but **not alter**.

### Example

```
{
  "iss": "figo",
  "sub": "9792f6a5-e6f5-4468-b6c3-5fce9c4233ae",
  "exp": 1604103133,
}
```

### Public Claim Names

There are number of registered Public Claim Names that can be automatically validated by supporting libraries

* `iss` is the principal that issued the JWT.
* `sub` is the principal that is the subject of the JWT (e.g.: the user)
* `exp` is the expiration time on or after which the JWT must not be accepted.
* `aud` identifies the receipients the JWT is intended for.
* `nbf` identifies the time before which the JWT must not be accepted for processing.
* `iat` identifies the time at wich the JWT was issued.
* `jti` provides a unique identifier for the JWT.


### Private Claim Names

Besides the Public Claim Names any number of Private Clame Names can be agreed upon between the producer and the consumer of a JWT. E.g.:

```
{
  "attrs": [
    "email",
    "name",
    "address"
  ]
}
```

In this case `attrs` defines the attributes of a resource (e.g. a user) that the token grants access to.

## What is a JWS structure?

> A JSON Web Signature represents content secured with digital signatures using JSON-based data structures.
~ IETF RFC 7515

It consists of the 

* JOSE Header (JSON Object Signing and Encryption)
* JWS Payload
* JWS Signature

The JOSE Header describes the parameters for the cryptographic operations employed. The JWS Signature represents  a digital signature over the JOSE Header and the JWS Payload.

### JOSE Header

A JOSE Header could look like this:

```
{"alg": "HS256", "typ": "JWT"}
```

* `alg` identifies the cryptographic algorithm used to secure the JWS.
* `typ` is used by JWS applications to declare the media type of the JWS.


### JWS Compact Serialization

The JWS Compact Serialization represents digitally signed content as a compact, URL-safe string. It is composed of three parts

```
BASE64URL(UTF8(JWS Protected Header)) || '.' ||
BASE64URL(JWS Payload) || '.' ||
BASE64URL(JWS Signature)
```

#### Example

JOSE Header:

```
{"alg": "HS256",
 "typ": "JWT"}
```

JWS Payload (a JWT):

```
{"iss": "figo", 
 "exp": 1604103133}
```

yields

```
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.
eyJpc3MiOiJmaWdvIiwiZXhwIjoxNjA0MTAzMTMzfQ.
3OMkC1kuv7XxFGYRDmmTeP2KPp6z9Gc5tovDdULRPHQ
```

## Naive implementation

### Utility functions

In [2]:
import base64
import json


def b64urlencode(s):
    return base64.urlsafe_b64encode(s).rstrip(b'=')


def b64urldecode(s):
    remainder = len(s) % 4
    if remainder == 2:
        s += b'=='
    elif remainder == 3:
        s += b'='
    elif remainder == 1:
        raise ValueError("Illegal base64 string.")
    else:
        assert remainder == 0, "Math is wrong."
    return base64.urlsafe_b64decode(s)


def compact_json(data):
    return json.dumps(data, separators=(',', ':')).encode()

### Encoding a JWS

In [33]:
from Crypto.Hash import HMAC, SHA256


def encode(payload, secret):
    header = {'typ': 'JWT', 'alg': 'HS256'}
    protected = serialize(header, payload)
    signature = sign(secret, protected)
    return b'.'.join([protected, signature])


def serialize(header, payload):
    header = b64urlencode(compact_json(header))
    payload = b64urlencode(compact_json(payload))
    return b'.'.join([header, payload])


def sign(secret, data):
    hmac = HMAC.new(secret.encode(), data, digestmod=SHA256)
    return b64urlencode(hmac.digest())

In [37]:
token = encode({'iss': 'figo', 'exp': 1604103133}, 'secret')
token

b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJmaWdvIiwiZXhwIjoxNjA0MTAzMTMzfQ.3OMkC1kuv7XxFGYRDmmTeP2KPp6z9Gc5tovDdULRPHQ'

### Decoding a JWS

In [31]:
def decode(token, secret):
    protected, header, payload, signature = deserialize(token)
    verify(secret, protected, header, signature)
    return payload


def deserialize(token):
    if token.count(b'.') != 2:
        raise ValueError("Invalid token format.")
    protected, signature = token.rsplit(b'.', 1)
    header, payload = protected.split(b'.')
    return (
        protected,
        json.loads(b64urldecode(header)),
        json.loads(b64urldecode(payload)),
        b64urldecode(signature))
            
    
def verify(secret, protected, header, signature):    
    if header['alg'] != 'HS256':
        raise ValueError("Invalid signing algorithm.")
    hmac = HMAC.new(secret.encode(), protected, digestmod=SHA256)
    if signature != hmac.digest():
        raise ValueError("Invalid signature.")

In [38]:
decode(token, 'secret')

{'exp': 1604103133, 'iss': 'figo'}

In [48]:
try:
    decode(token, 'foo')
except ValueError as e:
    print(e)

Invalid signature.


In [47]:
_, header, payload, signature = deserialize(token)
payload['iss'] = 'alice'
altered_token = b'.'.join([serialize(header, payload), b64urlencode(signature)])

try:
    decode(altered_token, 'secret')
except ValueError as e:
    print(e)

Invalid signature.


## Library support

There are many libraries for different programming languages available. See [jwt.io](https://jwt.io/).

In [44]:
from jose import jwt

jwt.decode(token, 'secret')

{'exp': 1604103133, 'iss': 'figo'}

In [46]:
try:
    jwt.decode(altered_token, 'secret')
except jwt.JWTError as e:
    print(e)

Signature verification failed.
