Upgrade to Pro — share decks privately, control downloads, hide ads and more …

JWT

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for José Padilla José Padilla
February 20, 2014
Programming
470
2

 JWT

JSON Web Tokens slides based on my blog post, Auth with JSON Web Tokens http://jpadilla.com/post/73791304724/auth-with-json-web-tokens

Avatar for José Padilla

José Padilla

February 20, 2014

More Decks by José Padilla

See All by José Padilla
Python, Government, and Contracts
Avatar for José Padilla jpadilla
0
69
Python, Government, and Contracts
Avatar for José Padilla jpadilla
0
5.1k
Python Type Hints
Avatar for José Padilla jpadilla
0
600
Developer Ergonomics
Avatar for José Padilla jpadilla
0
2.1k
DjangoCon - JSON Web Tokens
Avatar for José Padilla jpadilla
15
11k
BFTW: The Backend
Avatar for José Padilla jpadilla
4
230
eventos
Avatar for José Padilla jpadilla
0
210
Ember.js + Django
Avatar for José Padilla jpadilla
3
2.2k
UPRB Basic Workshop
Avatar for José Padilla jpadilla
2
240

Other Decks in Programming

See All in Programming
The Monolith Strikes Back: Why AI Agents ❤️ Rails Monoliths
Avatar for Rodrigo Serradura serradura
0
340
(Re)make Regexp in Ruby: Democratizing internals for the JIT
Avatar for TSUYUSATO Kitsune makenowjust
2
190
ハーネスエンジニアリングにどう向き合うか 〜ルールファイルを超えて開発プロセスを設計する〜 / How to approach harness engineering
Avatar for r-kagaya rkaga
23
13k
YJITとZJITにはイカなる違いがあるのか?
Avatar for yamanao nakiym
0
220
CDK Deployのための ”反響定位”
Avatar for watany watany
4
780
Xdebug と IDE による デバッグ実行の仕組みを見る / Exploring-How-Debugging-Works-with-Xdebug-and-an-IDE
Avatar for shin1x1 shin1x1
0
380
10年分の技術的負債、完済へ ― Claude Code主導のAI駆動開発でスポーツブルを丸ごとリプレイスした話
Avatar for nero15 takuya_houshima
0
2.6k
運転動画を検索可能にする〜Cosmos-Embed1とDatabricks Vector Searchで〜/cosmos-embed1-databricks-vector-search
Avatar for 開発室Graph studio_graph
0
210
Offline should be the norm: building local-first apps with CRDTs & Kotlin Multiplatform
Avatar for Renaud MATHIEU renaudmathieu
0
220
事業会社でのセキュリティ長期インターンについて
Avatar for inlet-back masachikaura
0
250
「話せることがない」を乗り越える 〜日常業務から登壇テーマをつくる思考法〜
Avatar for ShoheiMitani shoheimitani
4
820
Kubernetes上でAgentを動かすための最新動向と押さえるべき概念まとめ
Avatar for Sota Makino sotamaki0421
3
510

Featured

See All Featured
Discover your Explorer Soul
Avatar for Emna emna__ayadi
2
1.1k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
61
43k
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
220
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6.1k
Applied NLP in the Age of Generative AI
Avatar for Ines Montani inesmontani
PRO
4
2.2k
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
Avatar for Liv Day livdayseo
0
100
From π to Pie charts
Avatar for Rasagy Sharma rasagy
0
160
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.4k
Agile Leadership in an Agile Organization
Avatar for Dr. Kim W Petersen kimpetersen
PRO
0
130
Amusing Abliteration
Avatar for ianozsvald ianozsvald
1
150
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
10
1.1k

Transcript

  1. JWT

  2. “jot”

  3. JSON Web Tokens

  4. None

  5. José Padilla

  6. Co-founder at

  7. twitter.com/jpadilla_

  8. github.com/jpadilla

  9. jpadilla.com

  10. What?

  11. None
  12. None
  13. None
  14. None

  15. JOSE

  16. JavaScript Object Signing and Encryption

  17. JWE

  18. JSON Web Encryption

  19. JWK

  20. JSON Web Key

  21. JWS

  22. JSON Web Signature

  23. JWA

  24. JSON Web Algorithms

  25. None

  26. Why?

  27. JWT + JWS

  28. Token-based Auth

  29. Single Sign-on

  30. Action Links

  31. HTTP

  32. How?

  33. Internet-Draft

  34. { "typ": "JWT", "alg": "HS256" }

  35. eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9

  36. {! "user_id": 1! }

  37. eyJ1c2VyX2lkIjogMX0

  38. BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

  39. eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkp XVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blY KcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

  40. PyJWT

  41. $ pip install PyJWT

  42. https:/ /github.com/progrium/pyjwt

  43. import jwt ! SECRET_KEY = "my-secret-key" payload = {"user_id": 1}

    ! jwt_token = jwt.encode(payload, SECRET_KEY) ! payload = jwt.decode(jwt_token, SECRET_KEY)

  44. DRF JWT Auth

  45. $ pip install djangorestframework-jwt

  46. https:/ /github.com/GetBlimp/django-rest-framework-jwt

  47. GET /protected/ HTTP/1.1 Host: localhost:8000 Authorization: JWT <YOUR_TOKEN>

  48. Thanks