JWT

JSON Web Tokens slides based on my blog post, Auth with JSON Web Tokens http://jpadilla.com/post/73791304724/auth-with-json-web-tokens

José Padilla

February 20, 2014

Transcript

  1. JSON Web Tokens

  2. José Padilla

  3. Co-founder at

  4. twitter.com/jpadilla_

  5. github.com/jpadilla

  6. jpadilla.com

  7. JavaScript Object Signing and Encryption

  8. JSON Web Encryption

  9. JSON Web Signature

  10. JSON Web Algorithms

  11. Token-based Auth

  12. Single Sign-on

  13. Action Links

  14. Internet-Draft

  15. {
    "typ": "JWT",
    "alg": "HS256"
    }

  16. eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9

  17. {
    "user_id": 1
    }

  18. eyJ1c2VyX2lkIjogMX0

  19. BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

  20. eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

  21. $ pip install PyJWT

  22. https://github.com/progrium/pyjwt

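  23. import jwt

    SECRET_KEY = "my-secret-key"
    payload = {"user_id": 1}

    # Sign with HMAC-SHA256, the "alg" shown in the header above
    jwt_token = jwt.encode(payload, SECRET_KEY, algorithm="HS256")

    # Pin the accepted algorithm; current PyJWT releases require this argument
    payload = jwt.decode(jwt_token, SECRET_KEY, algorithms=["HS256"])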

  24. DRF JWT Auth

  25. $ pip install djangorestframework-jwt

  26. https://github.com/GetBlimp/django-rest-framework-jwt

  27. GET /protected/ HTTP/1.1
    Host: localhost:8000
    Authorization: JWT
