Slide 1

Slide 1 text

Death to Cookies Long Live JSON Web Tokens

Slide 2

Slide 2 text

Cookie-based session flow between Browser and Server:

1. POST /users/login with username and password
2. Creates a user session
3. Returns a logged-in cookie to the browser
4. Do an authenticated request. Sends the cookie.
5. Check the session based on the cookie and authenticate the user
6. Sends response to the client

Slide 3

Slide 3 text

A better approach: token-based authentication with JSON Web Tokens
https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30

Slide 4

Slide 4 text

Demo time! jwt.io

Slides 5 to 9

No text content

Slide 10

Slide 10 text

JWT-based flow between Browser and Server:

1. POST /users/login with username and password
2. Creates a JWT signed with a server-side secret
3. Returns the JWT to the browser
4. Sends the JWT on the Authorization header
5. Verify the JWT signature with the secret; only then read user information from the JWT's claims
6. Sends response to the client

Slide 11

Slide 11 text

@mgonto Thanks!