Java Web Tokens

From bibbleWiki

Introduction

Java Web Tokens are used for Authorisation and Information Exchange. They consist of three parts: a header, a payload and a signature. For example:

Format

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true
}

Signature

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)

Example

Refresh Tokens

When the user authenticates, they are provided with an access token. The user can then request a new access token with a refresh token. The access token typically has a much shorter lifespan.