Json Web Token at Employment Hero
Luong Vo
September 11, 2018
Transcript
JSON Web Tokens Luong Vo
JSON Web Token
What is a JSON Web Token?
A JSON object used to transfer data between two parties, digitally signed.
Digitally signed JSON data + signature = JSON Web Token
Signature: signing algorithm
RSA256
HSA256
Comparison: RSA256 vs HSA256
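As an added example (not code from the slides or from Employment Hero), the following plain-Ruby implementation of JWT signing and verification uses only the standard library and makes the comparison on this slide concrete: with HS256 (the JWA name for the slide's "HSA256") the verifier holds the same secret that signs tokens, so every service that can check a token can also mint one; with RS256 ("RSA256") the verifier needs only the public key. The secret, claims and key size are constructed sample values, and `MiniJwt` is a name chosen here.

```ruby
# Added example: a minimal JWT (RFC 7519) signer/verifier in plain Ruby.
# HS256 = HMAC-SHA256 with a shared secret; RS256 = RSA PKCS#1 v1.5 with SHA-256.
require "openssl"
require "json"

module MiniJwt
  module_function

  # base64url without padding, as JWS (RFC 7515) requires
  def b64url(bytes)
    [bytes].pack("m0").tr("+/", "-_").delete("=")
  end

  def b64url_decode(str)
    padded = str.tr("-_", "+/")
    padded += "=" * ((4 - padded.length % 4) % 4)
    padded.unpack1("m0")
  end

  # The signature covers header.payload exactly as encoded; changing a single
  # byte of either part invalidates it.
  def sign(payload, key, alg)
    header = { alg: alg, typ: "JWT" }
    signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
    sig = case alg
          when "HS256" then OpenSSL::HMAC.digest("SHA256", key, signing_input)
          when "RS256" then key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
          else raise ArgumentError, "unsupported alg #{alg}"
          end
    "#{signing_input}.#{b64url(sig)}"
  end

  # Constant-time byte comparison so HMAC checks do not leak via timing.
  def same_bytes?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # The verifier pins the algorithm it expects instead of trusting the token's
  # own header, and returns the claims only when the signature checks out.
  def verify(token, key, expected_alg)
    parts = token.split(".")
    return nil unless parts.length == 3
    header_b64, payload_b64, sig_b64 = parts
    header = JSON.parse(b64url_decode(header_b64))
    return nil unless header["alg"] == expected_alg
    signing_input = "#{header_b64}.#{payload_b64}"
    sig = b64url_decode(sig_b64)
    ok = case expected_alg
         when "HS256" then same_bytes?(OpenSSL::HMAC.digest("SHA256", key, signing_input), sig)
         when "RS256" then key.verify(OpenSSL::Digest.new("SHA256"), sig, signing_input)
         else false
         end
    ok ? JSON.parse(b64url_decode(payload_b64)) : nil
  rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError
    nil
  end

  # Exercises both algorithms with constructed sample values.
  def demo
    secret = "constructed-shared-secret"        # constructed; never commit a real one
    rsa    = OpenSSL::PKey::RSA.new(2048)         # constructed key pair for the demo
    claims = { "sub" => 42, "role" => "member" }

    hs = sign(claims, secret, "HS256")
    rs = sign(claims, rsa, "RS256")

    # Re-encode the payload with an escalated role but keep the old signature.
    h, _p, s = hs.split(".")
    tampered = [h, b64url(JSON.generate(claims.merge("role" => "admin"))), s].join(".")

    {
      hs_ok:           verify(hs, secret, "HS256"),            # shared secret needed to verify
      hs_wrong_secret: verify(hs, "other-secret", "HS256"),    # nil
      hs_tampered:     verify(tampered, secret, "HS256"),      # nil: payload no longer matches signature
      rs_public_only:  verify(rs, rsa.public_key, "RS256"),    # public key alone verifies
      rs_alg_pinned:   verify(rs, rsa.public_key, "HS256")     # nil: header alg differs from expected
    }
  end
end

puts MiniJwt.demo.inspect if $PROGRAM_NAME == __FILE__
```

The point for a microservice setup is in `rs_public_only`: services that only verify can be given the public key and nothing else, whereas with HS256 the verification secret is also the signing secret and has to be distributed to every verifier.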
JSON API Authentication
Main app sends username + password to the Auth Service; the Auth Service generates a session token and saves it to the database. But why?
Main app sends the session token to the Auth Service; the Auth Service queries the session token to check it and generates a JWT token. But why?
Main app sends GET /…. + JWT token; the Auth Service validates the JWT and returns { "data": …. }. But why?
Main app sends GET /…. + JWT token; the Auth Service validates the JWT and returns { "data": …. }; a Microservice is reached via gRPC call. But why?
Microservice API call !? Oh….
Main app sends GET /…. + JWT token; the Auth Service validates the JWT; Microservice. Oh….
External system, Main app, Microservice
Microservice API call: should we? Auth Service authenticate
Microservice API call: better! LOAD BALANCER, Auth Service authenticate, API Gateway
Main app sends GET /…. + JWT token and receives { "data": …. }
Auth Service, Microservice, LOAD BALANCER
https://github.com/Thinkei/eh-kong/blob/master/auth/handler.lua#L49
Why not just use JWT?
Size: user ID in a JWT vs. user ID in a session token
• Requires CPU to compute cryptographic signatures
• No utilisation of being stateless
• Redundant signing
• Can be read on the client side
• Must be explicitly encrypted if we want it to be
• Hard revocation
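As an added example (not code from the slides or from Employment Hero), the claim checks below are what a resource server applies after the signature has already been verified, and they make the "hard revocation" bullet concrete: a revoked token stays cryptographically valid until its `exp`, so rejecting it earlier requires server-side state (here a Set of revoked `jti` ids), which is exactly the statelessness the previous slides were trying to avoid. The timestamp, token ids and `ClaimChecks` name are constructed for the example.

```ruby
# Added example: post-signature claim validation with a revocation denylist.
require "set"

module ClaimChecks
  module_function

  # Returns :ok, or a symbol naming the first failing check.
  # `now` is a Unix timestamp; `revoked` is a Set of jti values pulled early;
  # `leeway` absorbs small clock skew between the issuer and this server.
  def validate(claims, now:, revoked: Set.new, leeway: 30)
    return :missing_exp   unless claims["exp"].is_a?(Integer)
    return :expired       if now > claims["exp"] + leeway
    return :not_yet_valid if claims["nbf"].is_a?(Integer) && now + leeway < claims["nbf"]
    return :revoked       if claims["jti"] && revoked.include?(claims["jti"])
    :ok
  end

  # Constructed sample claims: one live token, one stale, one revoked early.
  def demo
    now     = 1_536_624_000                       # constructed: 2018-09-11 00:00 UTC
    revoked = Set["tok-002"]                      # the state that revocation costs
    live    = { "sub" => 42, "jti" => "tok-001", "exp" => now + 600 }
    stale   = { "sub" => 42, "jti" => "tok-003", "exp" => now - 3600 }
    pulled  = { "sub" => 42, "jti" => "tok-002", "exp" => now + 600 }
    {
      live:   validate(live,   now: now, revoked: revoked),   # :ok
      stale:  validate(stale,  now: now, revoked: revoked),   # :expired
      pulled: validate(pulled, now: now, revoked: revoked)    # :revoked, although its signature is fine
    }
  end
end

puts ClaimChecks.demo.inspect if $PROGRAM_NAME == __FILE__
```

Keeping `exp` short bounds how long a revoked-but-not-denylisted token is usable; the denylist only has to hold ids until their `exp` passes, which keeps the state small but does not remove it.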
That’s it. Thank you for your attention!