
Intro to JWT

Cookies have been around for decades and have served us well. Nobody questions their usefulness. However, modern apps demand a better approach. This session is all about the natural successor to cookies: using a token-based design with JWTs.

Martin Gontovnikas

December 01, 2014

Transcript

  1. Death to Cookies Long Live JSON Web Tokens

  2. Browser and Server (cookie-based session flow):
     1. POST /users/login with username and password
     2. Creates a user session
     3. Returns a logged-in cookie to the browser
     4. Do an authenticated request. Sends the cookie.
     5. Check the session based on the cookie and authenticate the user
     6. Sends response to the client
  3. A better approach: Token-based Authentication with JSON Web Tokens (https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30)

  4. Demo time! jwt.io

  10. Browser and Server (token-based flow):
     1. POST /users/login with username and password
     2. Creates a JWT with a secret
     3. Returns the JWT to the browser
     4. Sends the JWT in the Authorization header
     5. Check the JWT signature. Get user information from the JWT.
     6. Sends response to the client
  11. @mgonto Thanks!