Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Json Web Token at Employment Hero
Search
Luong Vo
September 11, 2018
Programming
0
40
Json Web Token at Employment Hero
Luong Vo
September 11, 2018
Tweet
Share
More Decks by Luong Vo
See All by Luong Vo
Why our platform needs Redis Sentinel
luongvo
0
92
Performance Monitoring at Employment Hero
luongvo
0
140
Lalaland - A C2C ecommerce site - pitch deck
luongvo
0
410
Skeleton-based Human Action Recognition with Recurrent Neural Network
luongvo
0
240
Ruby Threads
luongvo
1
31
Caching in Ruby
luongvo
1
33
Monitoring system at Employment Hero
luongvo
0
49
Introduction to Docker and Docker Compose
luongvo
0
64
Database migration from Heroku to Amazon Web Services
luongvo
0
69
Other Decks in Programming
See All in Programming
Compose Multiplatform × AI で作る、次世代アプリ開発支援ツールの設計と実装
thagikura
0
140
Testing Trophyは叫ばない
toms74209200
0
850
Introducing ReActionView: A new ActionView-compatible ERB Engine @ Rails World 2025, Amsterdam
marcoroth
0
640
AI時代のUIはどこへ行く?
yusukebe
17
8.7k
print("Hello, World")
eddie
1
530
「待たせ上手」なスケルトンスクリーン、 そのUXの裏側
teamlab
PRO
0
480
デザイナーが Androidエンジニアに 挑戦してみた
874wokiite
0
280
Amazon RDS 向けに提供されている MCP Server と仕組みを調べてみた/jawsug-okayama-2025-aurora-mcp
takahashiikki
1
110
プロポーザル駆動学習 / Proposal-Driven Learning
mackey0225
2
1.2k
Design Foundational Data Engineering Observability
sucitw
3
190
旅行プランAIエージェント開発の裏側
ippo012
2
890
TDD 実践ミニトーク
contour_gara
1
290
Featured
See All Featured
YesSQL, Process and Tooling at Scale
rocio
173
14k
A better future with KSS
kneath
239
17k
How to train your dragon (web standard)
notwaldorf
96
6.2k
Mobile First: as difficult as doing things right
swwweet
224
9.9k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
358
30k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
A Modern Web Designer's Workflow
chriscoyier
696
190k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Visualization
eitanlees
148
16k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
520
Measuring & Analyzing Core Web Vitals
bluesmoon
9
580
Transcript
JSON Web Tokens Luong Vo
None
None
None
None
None
None
JSON Web Token
What is JSON Web Tokens
JSON Object To transfer data between two parties digitally signed
Digitally signed JSON Data Signature JSON Web Token
Signature signing algorithm
RSA256
HSA256
Comparison RSA256 HSA256
None
None
JSON API Authentication
Main app Username + password Session token Auth Service Generate
session token Save session token to database But why?
Main app Session token JWT Token Auth Service Generate JWT
Query session token to check But why?
Main app Get/…. + JWT Token { “data”: …. }
Auth Service Validate JWT But why?
Main app Get/…. + JWT Token { “data”: …. }
Auth Service Validate JWT Microservice GRPC call But why?
Microservice API Call !? Oh….
Main app Get/…. + JWT Token { “data”: …. }
Auth Service Validate JW T Microservice Oh….
External system Main app Microservice
None
Microservice API Call Should we? Auth Service authenticate
Microservice API Call Better! LOAD BALANCER Auth Service authenticate API
Gateway
Main app Get/…. + JWT Token { “data”: …. }
Auth Service Microservice LOAD BALANCER
None
None
None
https://github.com/Thinkei/eh-kong/blob/master/auth/handler.lua#L49
None
Why not just use JWT
Size User ID in JWT User id in session token
• Require CPU to compute cryptographic signatures • No utilisation
of being stateless • Redundant-signing • Can be read on the client side • Must be explicitly encrypted if we wanted to • Hard revocation
That’s it. Thank you for your attention!
luongvo
thagikura
toms74209200
marcoroth
yusukebe
eddie
teamlab
874wokiite
takahashiikki
mackey0225
sucitw
ippo012
contour_gara
rocio
kneath
notwaldorf
swwweet
bermonpainter
philnash
chriscoyier
eitanlees
aki_iinuma
tammyeverts
bluesmoon
