JWT Authentication
What is JWT?
JWT stands for JSON Web Token. It is a compact format for securely transmitting claims between two parties.
Structure of JWT?
A JWT consists of three main parts: the Header, the Payload and the Signature. A typical JWT looks like
XXXX.YYYY.ZZZZ (the three parts are Base64Url encoded and separated by dots).
1) Header
Contains two fields: the signing algorithm, which can be HMAC SHA256 or RSA, and the token type.
{
"alg" : "HS256",
"typ" : "JWT"
}
2) Payload
Contains the claims (statements about the user plus any additional data).
The payload is Base64Url encoded.
There are 3 types of claims.
- Registered Claims : predefined claims that are not mandatory but recommended.
ex : iss ( Issuer ), exp ( Expiration Time ), sub ( Subject )
- Public Claims : claims defined by those using JWTs. To avoid collisions they should be registered in the IANA JSON Web Token Registry or defined as a collision-resistant URI.
- Private Claims : custom claims used to share information between parties that agree on them.
3) Signature
The signature is used to verify that the message wasn't changed in transit.
To create the signature a secret (for HMAC) or a private key (for RSA) is used. For HS256 it is computed as
HMACSHA256(
Base64UrlEncode(header) + "." +
Base64UrlEncode(payload),
secret
)
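As an added example (not part of the original post), the signature step above carried out end to end in Python: the token is built from the header and payload, the HMAC-SHA256 signature is computed over the two Base64Url parts, and verification checks the alg field, compares the signature in constant time and enforces exp. The secret and claims are constructed demo values.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url(data: bytes) -> str:
    """Base64Url encode without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    """Inverse of b64url: restore padding, then decode."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature exactly as the formula above describes."""
    header = {"alg": "HS256", "typ": "JWT"}
    h = b64url(json.dumps(header, separators=(",", ":")).encode())
    p = b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{h}.{p}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{h}.{p}.{b64url(sig)}"


def verify_hs256(token: str, secret: bytes, now: int) -> Optional[dict]:
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None  # not three dot-separated parts
    header = json.loads(b64url_decode(h))
    # Only accept the algorithm we issued with; never trust alg from the token alone.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None  # signature mismatch: payload or header was altered
    claims = json.loads(b64url_decode(p))
    if "exp" in claims and claims["exp"] <= now:
        return None  # registered exp claim says the token has expired
    return claims


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed value
    tok = sign_hs256({"sub": "alice", "exp": 1700000000}, demo_secret)
    print(tok)
    print(verify_hs256(tok, demo_secret, now=1699999999))
```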