JWT

JSON Web Tokens slides based on my blog post, Auth with JSON Web Tokens http://jpadilla.com/post/73791304724/auth-with-json-web-tokens

José Padilla

February 20, 2014

Transcript

  1. JWT

  2. “jot”

  3. JSON Web Tokens

  5. José Padilla

  6. Co-founder at

  7. twitter.com/jpadilla_

  8. github.com/jpadilla

  9. jpadilla.com

  10. What?

  15. JOSE

  16. JavaScript Object Signing and Encryption

  17. JWE

  18. JSON Web Encryption

  19. JWK

  20. JSON Web Key

  21. JWS

  22. JSON Web Signature

  23. JWA

  24. JSON Web Algorithms

  26. Why?

  27. JWT + JWS

  28. Token-based Auth

  29. Single Sign-on

  30. Action Links

  31. HTTP

  32. How?

  33. Internet-Draft

  34. { "typ": "JWT", "alg": "HS256" }

  35. eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9

  36. { "user_id": 1 }

  37. eyJ1c2VyX2lkIjogMX0

  38. BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

  39. eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

  40. PyJWT

  41. $ pip install PyJWT

  42. https://github.com/progrium/pyjwt

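  43. import jwt

      SECRET_KEY = "my-secret-key"
      payload = {"user_id": 1}

      # Sign the payload (PyJWT uses HS256 by default)
      jwt_token = jwt.encode(payload, SECRET_KEY)

      # Verify the signature and recover the payload.
      # PyJWT 2.x requires the accepted algorithms to be listed explicitly.
      payload = jwt.decode(jwt_token, SECRET_KEY, algorithms=["HS256"])
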
  44. DRF JWT Auth

  45. $ pip install djangorestframework-jwt

  46. https://github.com/GetBlimp/django-rest-framework-jwt

  47. GET /protected/ HTTP/1.1
      Host: localhost:8000
      Authorization: JWT <YOUR_TOKEN>

  48. Thanks
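
The token layout on slides 34 to 39 and the encode/decode round trip on slide 43, written out with only the Python standard library. This is an added example, not code from the slides or from PyJWT; the key and the function names `b64url`, `b64url_decode`, `hs256`, `sign` and `verify` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not from the slides

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as used for each JWT segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    """Restore the stripped padding, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def hs256(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign(payload: dict, key: bytes) -> str:
    """Build header.payload.signature as on slide 39."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url(json.dumps(part).encode()) for part in (header, payload))
    return signing_input + "." + b64url(hs256(key, signing_input))

def verify(token: str, key: bytes) -> dict:
    """Return the payload, or raise ValueError if the token is not acceptable."""
    try:
        header_seg, payload_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(header_seg))
        signature = b64url_decode(sig_seg)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the token's own header must not choose how it is checked.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hs256(key, header_seg + "." + payload_seg)
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_seg))

if __name__ == "__main__":
    token = sign({"user_id": 1}, KEY)
    print(token)
    print(verify(token, KEY))
```

The first two segments come out identical to slides 35 and 37 because they depend only on the JSON text; the third segment depends on the key, so it differs from slide 38.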