Authenticating Node.js using JSON Web Token (Part-1)

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) to securely transmit information between parties as a JSON object.

This information can be verified and trusted because it is digitally signed. JWTs can be signed either with a shared secret (using the HMAC algorithm) or with a public/private key pair (using RSA).

Let’s explain some concepts of this definition further.

Because of their compact size, JWTs can be sent in a URL, as a POST parameter, or inside an HTTP header.
The small size also makes transmission fast.

The payload contains all the required information about the user, avoiding the need to query the database more than once.

A JSON Web Token is made up of three parts: the Header, the Payload and the Signature. Let’s see what each part contains!

Header: The header contains two key-value pairs: the token type and the signing algorithm.

{ "typ":"JWT", "alg":"HS256"}


Payload:
The second part of the token is the payload, which contains the claims. Claims are statements about an entity
(typically, the user) and additional metadata.

{  "id": "1",  "name": "samantha",  "active": 1}

Registered claims: A set of predefined claims that are not mandatory but recommended. Some of them are listed below:

  • iss: The issuer of the token; its value is a case-sensitive string or URI

  • sub: The subject of the token

  • aud: The audience of the token

  • exp: The expiration time; the current date/time must be before the date/time listed in the “exp” claim

  • nbf: Defines the time before which the JWT must not be accepted for processing

  • iat: The time the JWT was issued. It can be used to determine the age of the JWT

  • jti: A unique identifier for the JWT. It can be used to prevent the JSON Web Token from being replayed, which is useful
    for a one-time-use token.

Public claims: These can be defined at will by those using JWTs. But to avoid collisions they should be defined in the
IANA JSON Web Token Registry or be defined as a URI that contains a collision-resistant namespace.

Private claims: These are the custom claims created to share information between parties that agree on using them.

Signature: The signature is a keyed hash (for HS256, an HMAC) computed over the encoded Header and Payload using the Secret.

Here is how the signature is computed with the HS256 algorithm.

var encodedMsg = base64UrlEncode(header) + "." + base64UrlEncode(payload);

var signature = HMACSHA256(encodedMsg, secret);  // sign the variable, not the literal string "encodedMsg"

As a result you get a token of the form header.payload.signature, each part base64url-encoded, for example:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjIiLCJuYW1lIjoic2FtYW50aGEiLCJhY3RpdmUiOjF9.2IlZivgHsNnyWjjF0jjC9QHn80tJdjmkvCqg8waoKaI
Check out the JWT implementation with express.js (part 2) here.

Published December 29th, 2017 (updated 2018-06-10T15:17:52+00:00) | express.js
