Json Web Token at Employment Hero
Luong Vo
September 11, 2018
Transcript
JSON Web Tokens Luong Vo
JSON Web Token
What are JSON Web Tokens
JSON Object To transfer data between two parties digitally signed
Digitally signed JSON Data Signature JSON Web Token
Signature signing algorithm
RS256
HS256
Comparison RS256 HS256
JSON API Authentication
Main app Username + password Session token Auth Service Generate
session token Save session token to database But why?
Main app Session token JWT Token Auth Service Generate JWT
Query session token to check But why?
Main app Get/…. + JWT Token { “data”: …. }
Auth Service Validate JWT But why?
Main app Get/…. + JWT Token { “data”: …. }
Auth Service Validate JWT Microservice GRPC call But why?
Microservice API Call !? Oh….
Main app Get/…. + JWT Token { “data”: …. }
Auth Service Validate JWT Microservice Oh….
External system Main app Microservice
Microservice API Call Should we? Auth Service authenticate
Microservice API Call Better! LOAD BALANCER Auth Service authenticate API
Gateway
Main app Get/…. + JWT Token { “data”: …. }
Auth Service Microservice LOAD BALANCER
https://github.com/Thinkei/eh-kong/blob/master/auth/handler.lua#L49
Why not just use JWT
Size User ID in JWT User id in session token
• Require CPU to compute cryptographic signatures
• No utilisation of being stateless
• Redundant-signing
• Can be read on the client side
• Must be explicitly encrypted if we wanted to
• Hard revocation
That’s it. Thank you for your attention!