Lecture07 JWT

JSON Web Tokens (JWT) are a secure method for communication between two parties, primarily used for authentication and authorization in stateless HTTP protocols. A JWT consists of a header, payload, and signature, allowing it to contain user information directly, unlike traditional session-based methods. The document also provides a basic implementation of JWT with Express, including user login and token verification processes.

Uploaded by baonguyen2623

JSON WEB TOKENS

NGUYEN Thanh Ban


What are JSON Web Tokens?

- JSON Web Tokens (JWT) have been introduced as a method of communicating between two parties securely.

- JWT is very popular for handling authentication and authorization via HTTP.

- HTTP is a stateless protocol, which means that an HTTP request does not maintain state. The server does not know about any previous requests that were sent by the same client.
Session-based authentication
JWT
When the client sends an authentication request to the server, the server will send a JSON token back to the client with the response; the token includes all the information about the user.
Structure of a JWT

- The first section of the JWT is the header, which is a Base64-encoded string.

- The second section is the payload, which contains the JSON object that was sent back to the user.

- The final section is the signature of the token. It is generated by hashing the string base64UrlEncode(header) + "." + base64UrlEncode(payload) with a secret, which is what lets the server check that a token presented later was the one it sent to the same client.
Advantage of Using JWT over Traditional Methods

- JWT can contain all of the information about the user itself, unlike the
session-based authentication.
JWT with Express
  npm init -y
  npm i express
  npm i -D nodemon
  npm i jsonwebtoken
JWT with Express
const express = require('express');
const jwt = require('jsonwebtoken');

const app = express();
app.use(express.json()); // parse JSON request bodies so req.body is populated

const accessTokenSecret = 'youraccesstokensecret';

// Demo user store (constructed sample data; plaintext passwords only for this example)
const users = [
  { username: 'john', password: 'password123', role: 'admin' },
  { username: 'anna', password: 'password123', role: 'member' },
];

app.post('/login', (req, res) => {
  // Read username and password from request body
  const { username, password } = req.body;
  // Filter user from the users array by username and password
  const user = users.find(u => u.username === username && u.password === password);
  if (user) {
    // Generate an access token carrying the user's identity and role
    const accessToken = jwt.sign({ username: user.username, role: user.role }, accessTokenSecret);
    res.json({ accessToken });
  } else {
    res.send('Username or password incorrect');
  }
});
JWT with Express
const authenticateJWT = (req, res, next) => {
  const authHeader = req.headers.authorization;
  if (authHeader) {
    // Expect "Authorization: Bearer <token>"
    const token = authHeader.split(' ')[1];
    jwt.verify(token, accessTokenSecret, (err, user) => {
      if (err) {
        return res.sendStatus(403); // token present but invalid (bad signature or malformed)
      }
      req.user = user; // decoded payload: { username, role, iat }
      next();
    });
  } else {
    res.sendStatus(401); // no credentials supplied
  }
};
JWT with Express
const books = [{ title: 'Sample book' }]; // constructed demo data

app.get('/books', authenticateJWT, (req, res) => {
  res.json(books);
});

app.listen(3000, () => console.log('Listening on port 3000'));