JOSE: JSON Object Signing and Encryption
Specifications covered: JWT, JWA, JWS, JWK, JWE
JWT
headers: { "typ": "JWT", "alg": "none" }
claims:  { "user": { "id": 1, "name": "Luís Cobucci" } }
Encoding: Base64URL(headers) + "." + Base64URL(claims) + "."
Result: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ1c2VyIjp7ImlkIjoxLCJuYW1lIjoiTHXDrXMgQ29idWNjaSJ9fQ.
(The trailing "." is the empty signature segment: with "alg": "none" the token carries no signature at all.)
JWS
payload = Base64URL(headers) + "." + Base64URL(claims)
JWS + JWA
signature = alg(payload, key)
Algorithms:
- HMAC SHA (256|384|512)
- RSA (256|384|512)
- and more...
JWT + JWS
Base64URL(headers) + "." + Base64URL(claims) + "." + Base64URL(signature)
headers: { "typ": "JWS", "alg": "HS256" }
claims:  { "user": { "id": 1, "name": "Luís Cobucci" } }
key: Hello JWT+JWS!
Result: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJ1c2VyIjp7ImlkIjoxLCJuYW1lIjoiTHXDrXMgQ29idWNjaSJ9fQ.VTYdu2yNuEToLD00A0Gpb4vMRF5cme-dzOXgjByhGss
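The token construction on these slides (Base64URL segments, the "alg": "none" token with its empty signature segment, and HS256 as alg(payload, key)), as an added example that is neither the deck's code nor the lcobucci/jwt library: a minimal signer and verifier using only the Python standard library. It assumes the header key order {"alg", "typ"}, which is what the slides' tokens actually encode; with that, the unsigned token and the first two segments of the HS256 token reproduce the slides byte for byte, while the third segment is the HMAC under the slide's key "Hello JWT+JWS!". The verify function is the part a practitioner wants to see: the server, not the token, picks the acceptable algorithms, so a token that declares "alg": "none" is rejected before any signature check, and the MAC comparison is constant-time.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample input: the same header/claims the slides use.
HEADERS_NONE = {"alg": "none", "typ": "JWT"}    # key order matches the slide's token
HEADERS_HS256 = {"alg": "HS256", "typ": "JWS"}
CLAIMS = {"user": {"id": 1, "name": "Luís Cobucci"}}
KEY = b"Hello JWT+JWS!"  # the shared key shown on the JWT + JWS slide

# HMAC algorithms from JWA that this verifier can compute. "none" is never in here.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url(data: bytes) -> str:
    """Base64URL encoding without '=' padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url: restore the padding, then decode (raises ValueError on junk)."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_segment(obj) -> str:
    """Compact JSON (no spaces), UTF-8 kept as-is, so the bytes match the slides' tokens."""
    return b64url(json.dumps(obj, separators=(",", ":"), ensure_ascii=False).encode("utf-8"))


def unsigned_token(headers: dict, claims: dict) -> str:
    """JWT with "alg": "none": two segments plus an empty signature segment (trailing dot)."""
    return encode_segment(headers) + "." + encode_segment(claims) + "."


def sign(headers: dict, claims: dict, key: bytes) -> str:
    """JWT + JWS: payload = Base64URL(headers).Base64URL(claims); signature = alg(payload, key)."""
    payload = encode_segment(headers) + "." + encode_segment(claims)
    digest = hmac.new(key, payload.encode("ascii"), HMAC_ALGS[headers["alg"]]).digest()
    return payload + "." + b64url(digest)


def verify(token: str, key: bytes, allowed=("HS256",)):
    """Return the claims if the token verifies, else None.

    The verifier decides which algorithms are acceptable: a token declaring
    "alg": "none" (or any alg outside `allowed`) is rejected before the
    signature is even looked at, and the MAC comparison is constant-time.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    try:
        headers = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(headers, dict):
        return None
    alg = headers.get("alg")
    if alg not in allowed or alg not in HMAC_ALGS:
        return None
    # Recompute the MAC over the exact bytes that were signed (the two encoded segments).
    payload = (header_b64 + "." + claims_b64).encode("utf-8")
    expected = hmac.new(key, payload, HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    try:
        return json.loads(b64url_decode(claims_b64))
    except (ValueError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    print(unsigned_token(HEADERS_NONE, CLAIMS))
    token = sign(HEADERS_HS256, CLAIMS, KEY)
    print(token)
    print(verify(token, KEY))                                  # the claims
    print(verify(unsigned_token(HEADERS_NONE, CLAIMS), KEY))  # None: alg none is rejected
```

The allow-list is passed by the caller rather than read from the token because the header is attacker-controlled input: whatever the token says about its own algorithm is only trustworthy after the server has decided which algorithms it will honour with which key.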
Basic example
Client (Single Page App) <-> API: both sides hold the same shared key.
Going further
Client (Single Page App) -> Proxy: the proxy holds the private key and signs the token.
Auth, Collection and Borrowing services: each holds only the public key and verifies the signature.
References
- https://datatracker.ietf.org/wg/jose/documents/
- https://securityblog.redhat.com/2015/04/01/jose-json-object-signing-and-encryption/
- http://jwt.io/
- http://github.com/lcobucci/jwt