JSON Web Token

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact, self-contained way to transmit claims between parties as a JSON object. A recipient can verify and trust the claims because the token is digitally signed. Note that the signature protects integrity and origin only: the header and payload are base64url-encoded, not encrypted, so anyone who obtains the token can read its contents.

JWTs can be signed with a shared secret (HMAC, for example HS256) or with a public/private key pair using RSA (for example RS256) or ECDSA (for example ES256). With a shared secret, every party able to verify a token can also mint one, so asymmetric signing is preferred whenever the verifier is a different party from the issuer.

When tokens are signed with a public/private key pair, a valid signature proves that a holder of the private key produced the token and that its header and payload have not been altered since. Anyone holding the public key can verify the token without being able to forge one.

JWT authentication uses the following fields (* marks a required field):

Fields

| Field | Explanation |
|---|---|
| Issuer * | The `iss` claim: identifies the entity that issued the JWT. The recipient compares it against the issuer it expects. |
| Subject * | The `sub` claim: the principal the token is about, typically the user or entity being authenticated. |
| Audience * | The `aud` claim: identifies the recipient(s) the JWT is intended for. A recipient must reject a token whose audience does not name it. |
| JWT Private Key * | The private key of an RSA or ECDSA key pair, used to sign the JWT. It must be kept secret by the issuer; the recipient verifies the signature with the matching public key. |
| Certificate Thumbprint | A hash (fingerprint) of the signing certificate. It tells the recipient which certificate, and therefore which public key, to use when verifying the signature. |
| User Principal Name | The unique sign-in name of the user account on whose behalf the token is issued (in the form user@domain). |

Authorization Explanation

The JWT authorization flow is an industry-standard way to authenticate and authorize users in web applications using signed tokens encoded as JSON. It proceeds in four steps.

  1. Authentication:

  • The user authenticates with the identity provider or authentication service.

  • Upon successful authentication, the issuer builds a JWT containing the user's claims and signs it with its private key.

  2. Token Issuance:

  • The JWT is returned to the user (or client application), usually in the response to a successful login request.

  • The token carries the issuer (iss), subject (sub), audience (aud), an expiry time (exp) and any other relevant claims. Its header names the signing algorithm and, typically through a key ID or certificate thumbprint, the key that signed it.

  3. Token Usage:

  • The client presents the JWT on subsequent requests to protected resources or services, usually in the Authorization header as a Bearer token.

  • The recipient selects the public key that matches the private key used for signing (by key ID or certificate thumbprint) and verifies the signature with the algorithm it is configured to expect. The expected algorithm must come from the recipient's configuration, never from the token's alg header; a token whose alg differs (including alg set to none) is rejected before any other check.

  • The recipient then validates the issuer, audience, expiry (and not-before time, if present) and any other relevant claims. Any mismatch means the token is rejected; only a token that passes every check is considered authentic.

  4. Authorization:

  • Based on the claims in the verified token, the recipient determines whether the user has the permissions required to access the requested resource.

  • If the user is authorized, the request is processed accordingly; otherwise access is denied. Claims are only trustworthy after the signature and claim checks in step 3 have passed.
