
Showing posts with the label JWT

JWT: Symmetric and Asymmetric key Implementation

Prerequisite: Understanding of JWT, or read here to understand what a JSON Web Token is.

As we already know, a JWT is special because it is digitally signed, and we can verify its authenticity using the signature. Today we will discuss how to actually sign a JWT using a symmetric or an asymmetric key.

Symmetric key: A symmetric key uses the same key for signature generation and for token verification, so extra precaution is required when exchanging the secret key between sender and receiver. Use a symmetric key when there is one sender and one receiver, since exchanging the key is then easy. E.g.: one web application talking to the backend services.

Asymmetric key: This uses a key pair, consisting of a public key and a private key. The JSON data is signed using the private key and can be verified using the public key. Use an asymmetric key if you have one sender and multiple receivers, as you cannot share the same key...

What is JSON Web Token?

1. Overview

JSON Web Token, or JWT (jot) for short, is an open standard (RFC 7519) that defines a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

2. Structure

The compact representation of a signed JWT is a string that has three parts, separated by dots (.). E.g.:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 . eyJzdWIiOiJBYmR1bCIsImlhdCI6MTIzNDU2Nzg5MCwiZXhwIjoxMjM0NTY3ODkwLCJuYmYiOjEyMzQ1Njc4OTAsImlzcyI6Imh0dHA6Ly93YWhlZWR0ZWNoYmxvZy5pbiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJhZG1pbiI6dHJ1ZX0 . Ats92uWxgSjQ8vFgQieK9tpBi66csIFHxkTke70FGlI

Each section is Base64-encoded; the first section is called the header, the second section ...