# JWT foundations


## What is a JWT?

JSON Web Tokens represent a set of claims as a JSON object that is encoded in a JWS and/or JWE structure.

```
{
  "iss": "figo",
  "sub": "9792f6a5-e6f5-4468-b6c3-5fce9c4233ae",
  "exp": 1604103133,
}
```

* `iss` is the principal that issued the JWT.
* `sub` is the principal that is the subject of the JWT (e.g.: the user)
* `exp` is the expiration time on or after which the JWT must not be accepted.

Besides the Public Clame Names any number of Private Clame Names can be agreed upon between the producer and the consumer of a JWT. E.g.:

```
{
  "": [1, 
}
```


## What is a JWS structure?

A JSON Web Signature represents content secured with digital signatures using JSON-based data structures.

It consists of the JOSE header, that describes the parameters for the cryptographic operations employed. E.g.:

```
{"alg": "HS256", "typ": "JWT"}
```

the payload and the JWS Signature, which is a digital signature over the header and the payload.


### JWS Compact Serialization



```
BASE64URL(UTF8(JWS Protected Header)) || '.' ||
BASE64URL(JWS Payload) || '.' ||
BASE64URL(JWS Signature)
```

In [2]:
import base64
import json


def b64urlencode(s):
    return base64.urlsafe_b64encode(s).rstrip(b'=')


def b64urldecode(s):
    remainder = len(s) % 4
    if remainder == 2:
        s += b'=='
    elif remainder == 3:
        s += b'='
    elif remainder == 1:
        raise ValueError("Illegal base64 string.")
    else:
        assert remainder == 0, "Math is wrong."
    return base64.urlsafe_b64decode(s)


def compact_json(data):
    return json.dumps(data, separators=(',', ':')).encode()

In [33]:
from Crypto.Hash import HMAC, SHA256


def encode(payload, secret):
    header = {'typ': 'JWT', 'alg': 'HS256'}
    protected = serialize(header, payload)
    signature = sign(secret, protected)
    return b'.'.join([protected, signature])


def serialize(header, payload):
    header = b64urlencode(compact_json(header))
    payload = b64urlencode(compact_json(payload))
    return b'.'.join([header, payload])


def sign(secret, data):
    hmac = HMAC.new(secret.encode(), data, digestmod=SHA256)
    return b64urlencode(hmac.digest())

In [37]:
token = encode({'iss': 'figo', 'exp': 1604103133}, 'secret')
token

b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJmaWdvIiwiZXhwIjoxNjA0MTAzMTMzfQ.3OMkC1kuv7XxFGYRDmmTeP2KPp6z9Gc5tovDdULRPHQ'

In [31]:
def decode(token, secret):
    protected, header, payload, signature = deserialize(token)
    verify(secret, protected, header, signature)
    return payload


def deserialize(token):
    if token.count(b'.') != 2:
        raise ValueError("Invalid token format.")
    protected, signature = token.rsplit(b'.', 1)
    header, payload = protected.split(b'.')
    return (
        protected,
        json.loads(b64urldecode(header)),
        json.loads(b64urldecode(payload)),
        b64urldecode(signature))
            
    
def verify(secret, protected, header, signature):    
    if header['alg'] != 'HS256':
        raise ValueError("Invalid signing algorithm.")
    hmac = HMAC.new(secret.encode(), protected, digestmod=SHA256)
    if signature != hmac.digest():
        raise ValueError("Invalid signature.")

In [38]:
decode(token, 'secret')

{'exp': 1604103133, 'iss': 'figo'}

In [43]:
decode(token, 'foo')

ValueError: Invalid signature.

In [42]:
_, header, payload, signature = deserialize(token)
payload['iss'] = 'alice'
altered_token = b'.'.join([serialize(header, payload), b64urlencode(signature)])

decode(altered_token, 'secret')

ValueError: Invalid signature.